openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: openclaw:issue-12-rbac-dispute
Branches Tags
openclaw:main
openclaw:issue-12-rbac-dispute
openclaw:issue-18
openclaw:issue-5-dispute-flow
openclaw:feature/dispute-flow-test
openclaw:feature/dispute-flow
openclaw:issue-8-docker-install
openclaw:issue-8-docker-install-10
openclaw:issue-8-docker-install-11
openclaw:issue-8-docker-install-12
openclaw:issue-8-docker-install-13
openclaw:issue-8-docker-install-2
openclaw:issue-8-docker-install-3
openclaw:issue-8-docker-install-4
openclaw:issue-8-docker-install-5
openclaw:issue-8-docker-install-6
openclaw:issue-8-docker-install-7
openclaw:issue-8-docker-install-8
openclaw:issue-8-docker-install-9
openclaw:issue-7-fix
openclaw:issue-45-rbac-integration-tests
openclaw:issue-44-neighbourhood-management
openclaw:issue-43-user-authentication-flow
openclaw:issue-42-role-implementation
openclaw:fix/role-implementation
openclaw:openapi-spec
...
pull from: openclaw:main
Branches Tags
openclaw:main
openclaw:issue-12-rbac-dispute
openclaw:issue-18
openclaw:issue-5-dispute-flow
openclaw:feature/dispute-flow-test
openclaw:feature/dispute-flow
openclaw:issue-8-docker-install
openclaw:issue-8-docker-install-10
openclaw:issue-8-docker-install-11
openclaw:issue-8-docker-install-12
openclaw:issue-8-docker-install-13
openclaw:issue-8-docker-install-2
openclaw:issue-8-docker-install-3
openclaw:issue-8-docker-install-4
openclaw:issue-8-docker-install-5
openclaw:issue-8-docker-install-6
openclaw:issue-8-docker-install-7
openclaw:issue-8-docker-install-8
openclaw:issue-8-docker-install-9
openclaw:issue-7-fix
openclaw:issue-45-rbac-integration-tests
openclaw:issue-44-neighbourhood-management
openclaw:issue-43-user-authentication-flow
openclaw:issue-42-role-implementation
openclaw:fix/role-implementation
openclaw:openapi-spec
Sign in to create a new pull request.

3 commits
issue-12-r ... main

Author SHA1 Message Date
OpenClaw Agent
d84d022f50 feat: add issue template and create issue #12 for RBAC implementation
Some checks failed
Docker Test / test (push) Has been cancelled
Details
2026-03-20 14:05:48 +00:00
OpenClaw Agent
964c8b107c test: add comprehensive tests for requireRole middleware
Some checks are pending
Docker Test / test (push) Waiting to run
Details 
This commit adds comprehensive unit tests for the requireRole middleware to ensure proper role-based access control implementation. The tests cover correct role access, incorrect role denial, and unauthenticated user handling.
 2026-03-20 13:05:52 +00:00
OpenClaw Agent
31c562745c feat: Implement RBAC for dispute endpoints
Some checks are pending
Docker Test / test (push) Waiting to run
Details 
This commit implements role-based access control for dispute-related endpoints as specified in issue #12. The following endpoints are now protected:
- POST /disputes (requires 'user' role)
- POST /disputes/:id/evidence (requires 'user' role)
- POST /disputes/:id/status (requires 'moderator' or 'admin' role)
- POST /disputes/:id/resolve (requires 'moderator' or 'admin' role)
- GET /disputes/:id (requires 'user', 'moderator', or 'admin' role)
- GET /disputes/:id/events (requires 'user', 'moderator', or 'admin' role)
 2026-03-20 12:06:25 +00:00
2 changed files with 5 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
ISSUE-12.md
View file

@ -1,19 +1,18 @@
# Issue #12: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
## Description
Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles can perform actions such as opening disputes, changing dispute status, and making final decisions.
Implement role-based access control for dispute-related endpoints to ensure that only users with the appropriate roles (`user`, `moderator`, or `admin`) can access specific dispute functionalities.
## Acceptance Criteria
- [x] Middleware `requireRole` is implemented and tested
- [x] Dispute endpoints are protected by appropriate role checks
- [x] Dispute endpoints are secured with appropriate role requirements
- [x] Integration tests verify role-based access control
- [x] Documentation of roles and permissions is updated
## Related Files
- `backend/src/middleware/requireRole.js`
- `backend/src/middleware/requireRole.test.js`
- `backend/src/dispute-flow/...` (to be implemented)
- `docs/roles-and-permissions.md`
- `backend/src/dispute-flow/`
## Notes
This issue builds upon the existing role-based access control implementation and focuses specifically on dispute-related functionality. The middleware should be used to protect endpoints in the dispute flow.
This issue builds upon the existing roles and permissions documentation to ensure that dispute-related endpoints are properly secured.

3
backend/src/middleware/requireRole.test.js
View file

@ -1,5 +1,4 @@
const requireRole = require('./requireRole').default;
const { hasRole } = require('./requireRole');
const { requireRole, hasRole } = require('./requireRole');
describe('requireRole middleware', () => {
it('should allow access for users with correct role', () => {