matthias/dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apply security audit

Browse Source
This commit is contained in:
Matthias Hochmeister
2026-03-11 13:51:01 +01:00
parent 93a87a7ae9
commit 3c9b7d3446
19 changed files with 247 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/src/routes/atemschutz.routes.ts
View File

@@ -1,10 +1,7 @@
import { Router } from 'express';
import atemschutzController from '../controllers/atemschutz.controller';
import { authenticate } from '../middleware/auth.middleware';
import { requireGroups } from '../middleware/rbac.middleware';
const ADMIN_GROUPS = ['dashboard_admin', 'dashboard_kommando', 'dashboard_atemschutz', 'dashboard_moderator'];
const WRITE_GROUPS = ['dashboard_admin', 'dashboard_kommando', 'dashboard_atemschutz', 'dashboard_moderator'];
import { requirePermission } from '../middleware/rbac.middleware';
const router = Router();
@@ -15,13 +12,13 @@ router.get('/stats', authenticate, atemschutzController.getStats.bind(atems
router.get('/my-status', authenticate, atemschutzController.getMyStatus.bind(atemschutzController));
router.get('/:id', authenticate, atemschutzController.getOne.bind(atemschutzController));
// ── Write — admin + kommandant ───────────────────────────────────────────────
// ── Write — gruppenfuehrer+ ─────────────────────────────────────────────────
router.post('/', authenticate, requireGroups(WRITE_GROUPS), atemschutzController.create.bind(atemschutzController));
router.patch('/:id', authenticate, requireGroups(WRITE_GROUPS), atemschutzController.update.bind(atemschutzController));
router.post('/', authenticate, requirePermission('atemschutz:write'), atemschutzController.create.bind(atemschutzController));
router.patch('/:id', authenticate, requirePermission('atemschutz:write'), atemschutzController.update.bind(atemschutzController));
// ── Delete — admin only ──────────────────────────────────────────────────────
// ── Delete — kommandant+ ────────────────────────────────────────────────────
router.delete('/:id', authenticate, requireGroups(ADMIN_GROUPS), atemschutzController.delete.bind(atemschutzController));
router.delete('/:id', authenticate, requirePermission('atemschutz:delete'), atemschutzController.delete.bind(atemschutzController));
export default router;