docs: update roles and permissions documentation
Some checks are pending
Docker Test / test (push) Waiting to run
This commit is contained in:
parent
097d1af837
commit
ba32d67023
1 changed files with 35 additions and 1 deletions
@ -73,3 +73,37 @@
- Rollen-Claims in API-Security-Konzept referenziert
- Role-Checks fuer neue Endpunkte verpflichtend
- Audit-Events fuer Admin/Moderation spezifiziert

## Implementierung

Die Rollen werden in der Datenbank als `role`-Feld im `users`-Table gespeichert. Die Middleware `requireRole` prüft, ob der eingeloggte Benutzer die benötigte Rolle besitzt.

### Beispiel für eine geschützte Route:

```javascript
const express = require('express');
const router = express.Router();
const { requireRole } = require('../middleware/role.middleware');

// Nur Admins dürfen diese Route aufrufen
router.delete('/users/:userId', requireRole(['admin']), async (req, res) => {
// ...
});
```

### Beispiel für eine Middleware zur Rollenprüfung:

```javascript
// backend/middleware/role.middleware.js
const requireRole = (allowedRoles) => {
return (req, res, next) => {
const userRole = req.user.role; // aus JWT
if (!allowedRoles.includes(userRole)) {
return res.status(403).json({ error: 'Forbidden' });
}
next();
};
};

module.exports = { requireRole };
```
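Review bot: `requireRole` dereferences `req.user.role` without checking that `req.user` exists, so a request that reaches this middleware without a completed authentication step (missing or invalid JWT, or a route that mounts `requireRole` before the auth middleware) throws a TypeError and surfaces as a 500 instead of a 401; the documentation should state that `requireRole` must run after the JWT authentication middleware, and the example should guard first, e.g. `if (!req.user) return res.status(401).json({ error: 'Unauthorized' });`. The same section says roles are stored in the `role` field of the `users` table while the middleware reads the role `aus JWT`, which means a role revoked in the database remains effective until the token expires; say which source is authoritative and how long a stale role claim can stay valid.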