Compare commits
No commits in common. "7ceb505d76f045f0fee1c15e3f6efbac1e1650c2" and "b4990297ce085345430e4913d611b2d6171b4819" have entirely different histories.
7ceb505d76
...
b4990297ce
5 changed files with 10 additions and 58 deletions
|
|
@ -9,8 +9,8 @@ Brief description of the task to be done.
|
|||
- [ ] Criterion 3
|
||||
|
||||
### Related Files
|
||||
- File 1
|
||||
- File 2
|
||||
- `path/to/file1.js`
|
||||
- `path/to/file2.md`
|
||||
|
||||
### Notes
|
||||
Any additional context or notes.
|
||||
Additional context or information.
|
||||
20
NEW_ISSUE.md
20
NEW_ISSUE.md
|
|
@ -1,20 +0,0 @@
|
|||
# Implement comprehensive RBAC documentation and tests
|
||||
|
||||
## Description
|
||||
The project needs comprehensive documentation and tests for the role-based access control (RBAC) system that has been implemented. This includes:
|
||||
|
||||
1. Detailed documentation of the roles and permissions in `docs/roles-and-permissions.md`
|
||||
2. Tests for the middleware in `backend/middleware/role.middleware.js`
|
||||
3. Integration tests for routes that use the middleware
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Documentation of all roles and their permissions is complete
|
||||
- [ ] Middleware tests cover all scenarios (authorized, unauthorized, missing role)
|
||||
- [ ] Integration tests verify route protection with different user roles
|
||||
- [ ] All tests pass successfully
|
||||
- [ ] Documentation is consistent with implementation
|
||||
|
||||
## Tasks
|
||||
- [ ] Update `docs/roles-and-permissions.md` with complete role matrix and examples
|
||||
- [ ] Add integration tests for protected routes
|
||||
- [ ] Run all tests to verify functionality
|
||||
|
|
@ -107,13 +107,3 @@ const requireRole = (allowedRoles) => {
|
|||
|
||||
module.exports = { requireRole };
|
||||
```
|
||||
|
||||
## Integrationstests
|
||||
|
||||
Um sicherzustellen, dass die Rollenkontrolle korrekt funktioniert, wurden Integrationstests hinzugefügt. Diese Tests überprüfen:
|
||||
|
||||
1. Ob nicht-authentifizierte Nutzer auf geschützte Endpunkte keinen Zugriff erhalten
|
||||
2. Ob Nutzer mit falscher Rolle auf geschützte Endpunkte keinen Zugriff erhalten
|
||||
3. Ob Nutzer mit korrekter Rolle auf geschützte Endpunkte Zugriff erhalten
|
||||
|
||||
Die Tests befinden sich in `test/roles.test.js`.
|
||||
13
issue_10.md
13
issue_10.md
|
|
@ -1,13 +1,14 @@
|
|||
# Issue: Implement Role-Based Access Control (RBAC) for API Endpoints
|
||||
|
||||
## Description
|
||||
Implement role-based access control (RBAC) for the API endpoints to ensure that users can only access resources and perform actions according to their assigned roles (`user`, `moderator`, `admin`).
|
||||
Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes implementing middleware to check user roles and updating existing routes to use this middleware.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [x] Role middleware is implemented and tested
|
||||
- [x] API endpoints are secured with appropriate role checks
|
||||
- [x] Audit logging is implemented for sensitive actions
|
||||
- [x] Documentation of the RBAC system is updated
|
||||
- [x] Middleware `requireRole` is implemented and tested
|
||||
- [x] All existing API routes are updated to use the `requireRole` middleware where necessary
|
||||
- [x] The middleware correctly checks if the user has at least one of the required roles
|
||||
- [x] Unauthorized access attempts return a 403 Forbidden status
|
||||
- [x] The implementation is consistent with the documented roles and permissions
|
||||
|
||||
## Related Files
|
||||
- `backend/middleware/role.middleware.js`
|
||||
|
|
@ -15,4 +16,4 @@ Implement role-based access control (RBAC) for the API endpoints to ensure that
|
|||
- `backend/routes/`
|
||||
|
||||
## Notes
|
||||
This issue builds upon the existing roles and permissions documentation in `docs/roles-and-permissions.md`. The implementation should follow the principles outlined in that document.
|
||||
This task builds upon the existing role definitions in `docs/roles-and-permissions.md` and ensures that the backend enforces these permissions correctly.
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
# Issue: Implement Role-Based Access Control (RBAC) for API Endpoints
|
||||
|
||||
## Description
|
||||
Implement role-based access control (RBAC) for the API endpoints to ensure that only users with the appropriate roles can access specific resources. This includes creating middleware to check user roles and applying it to relevant routes.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [x] Create a `requireRole` middleware function in `backend/middleware/role.middleware.js`
|
||||
- [x] Apply the middleware to existing API endpoints that require specific roles
|
||||
- [x] Add tests for the role-based access control functionality
|
||||
- [x] Update documentation to reflect the new RBAC implementation
|
||||
|
||||
## Related Files
|
||||
- `backend/middleware/role.middleware.js`
|
||||
- `backend/controllers/...` (to be updated)
|
||||
- `backend/routes/...` (to be updated)
|
||||
- `test/roles.test.js`
|
||||
|
||||
## Notes
|
||||
This task builds upon the existing roles and permissions documentation in `docs/roles-and-permissions.md`.
|
||||
Loading…
Add table
Add a link
Reference in a new issue