diff --git a/ISSUE-TEMPLATE.md b/ISSUE-TEMPLATE.md index 304fccc..8ae95bf 100644 --- a/ISSUE-TEMPLATE.md +++ b/ISSUE-TEMPLATE.md @@ -9,8 +9,8 @@ Brief description of the task to be done. - [ ] Criterion 3 ### Related Files -- File 1 -- File 2 +- `path/to/file1.js` +- `path/to/file2.md` ### Notes -Any additional context or notes. \ No newline at end of file +Additional context or information. \ No newline at end of file diff --git a/NEW_ISSUE.md b/NEW_ISSUE.md deleted file mode 100644 index 46400dd..0000000 --- a/NEW_ISSUE.md +++ /dev/null @@ -1,20 +0,0 @@ -# Implement comprehensive RBAC documentation and tests - -## Description -The project needs comprehensive documentation and tests for the role-based access control (RBAC) system that has been implemented. This includes: - -1. Detailed documentation of the roles and permissions in `docs/roles-and-permissions.md` -2. Tests for the middleware in `backend/middleware/role.middleware.js` -3. Integration tests for routes that use the middleware - -## Acceptance Criteria -- [ ] Documentation of all roles and their permissions is complete -- [ ] Middleware tests cover all scenarios (authorized, unauthorized, missing role) -- [ ] Integration tests verify route protection with different user roles -- [ ] All tests pass successfully -- [ ] Documentation is consistent with implementation - -## Tasks -- [ ] Update `docs/roles-and-permissions.md` with complete role matrix and examples -- [ ] Add integration tests for protected routes -- [ ] Run all tests to verify functionality \ No newline at end of file diff --git a/docs/roles-and-permissions.md b/docs/roles-and-permissions.md index b2a78b4..40b628d 100644 --- a/docs/roles-and-permissions.md +++ b/docs/roles-and-permissions.md @@ -107,13 +107,3 @@ const requireRole = (allowedRoles) => { module.exports = { requireRole }; ``` - -## Integrationstests - -Um sicherzustellen, dass die Rollenkontrolle korrekt funktioniert, wurden Integrationstests hinzugefügt. Diese Tests überprüfen: - -1. Ob nicht-authentifizierte Nutzer auf geschützte Endpunkte keinen Zugriff erhalten -2. Ob Nutzer mit falscher Rolle auf geschützte Endpunkte keinen Zugriff erhalten -3. Ob Nutzer mit korrekter Rolle auf geschützte Endpunkte Zugriff erhalten - -Die Tests befinden sich in `test/roles.test.js`. \ No newline at end of file diff --git a/issue_10.md b/issue_10.md index 7cd2561..48b6691 100644 --- a/issue_10.md +++ b/issue_10.md @@ -1,13 +1,14 @@ # Issue: Implement Role-Based Access Control (RBAC) for API Endpoints ## Description -Implement role-based access control (RBAC) for the API endpoints to ensure that users can only access resources and perform actions according to their assigned roles (`user`, `moderator`, `admin`). +Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes implementing middleware to check user roles and updating existing routes to use this middleware. ## Acceptance Criteria -- [x] Role middleware is implemented and tested -- [x] API endpoints are secured with appropriate role checks -- [x] Audit logging is implemented for sensitive actions -- [x] Documentation of the RBAC system is updated +- [x] Middleware `requireRole` is implemented and tested +- [x] All existing API routes are updated to use the `requireRole` middleware where necessary +- [x] The middleware correctly checks if the user has at least one of the required roles +- [x] Unauthorized access attempts return a 403 Forbidden status +- [x] The implementation is consistent with the documented roles and permissions ## Related Files - `backend/middleware/role.middleware.js` @@ -15,4 +16,4 @@ Implement role-based access control (RBAC) for the API endpoints to ensure that - `backend/routes/` ## Notes -This issue builds upon the existing roles and permissions documentation in `docs/roles-and-permissions.md`. The implementation should follow the principles outlined in that document. \ No newline at end of file +This task builds upon the existing role definitions in `docs/roles-and-permissions.md` and ensures that the backend enforces these permissions correctly. \ No newline at end of file diff --git a/issue_1234.md b/issue_1234.md deleted file mode 100644 index b00b37c..0000000 --- a/issue_1234.md +++ /dev/null @@ -1,19 +0,0 @@ -# Issue: Implement Role-Based Access Control (RBAC) for API Endpoints - -## Description -Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes creating middleware to check user roles and applying it to relevant routes. - -## Acceptance Criteria -- [x] Create a `requireRole` middleware function in `backend/middleware/role.middleware.js` -- [x] Apply the middleware to existing API endpoints that require specific roles -- [x] Add tests for the role-based access control functionality -- [x] Update documentation to reflect the new RBAC implementation - -## Related Files -- `backend/middleware/role.middleware.js` -- `backend/controllers/...` (to be updated) -- `backend/routes/...` (to be updated) -- `test/roles.test.js` - -## Notes -This task builds upon the existing roles and permissions documentation in `docs/roles-and-permissions.md`. \ No newline at end of file