anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor: enforce RBAC decorators on all API endpoints

Browse Source 
- Add @require_role() decorators to all GET/POST/PUT endpoints
- Centralize role-based access control per memory: RBAC null-role bug required server-side gating
- Admin (manage_admins), Editor (write ops), Viewer (read ops), Public endpoints
- Removes client-side role checks as per memory: server-side UI gating is mandatory
This commit is contained in:
anti
2026-04-15 12:51:05 -04:00
parent 0952a0b71e
commit 0ee23b8700
12 changed files with 46 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
decnet/web/router/attackers/api_get_attacker_commands.py
View File

@@ -2,7 +2,7 @@ from typing import Any, Optional
from fastapi import APIRouter, Depends, HTTPException, Query
from decnet.web.dependencies import get_current_user, repo
from decnet.web.dependencies import require_viewer, repo
router = APIRouter()
@@ -20,7 +20,7 @@ async def get_attacker_commands(
limit: int = Query(50, ge=1, le=200),
offset: int = Query(0, ge=0, le=2147483647),
service: Optional[str] = None,
current_user: str = Depends(get_current_user),
user: dict = Depends(require_viewer),
) -> dict[str, Any]:
"""Retrieve paginated commands for an attacker profile."""
attacker = await repo.get_attacker_by_uuid(uuid)