anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor: enforce RBAC decorators on all API endpoints

Browse Source 
- Add @require_role() decorators to all GET/POST/PUT endpoints
- Centralize role-based access control per memory: RBAC null-role bug required server-side gating
- Admin (manage_admins), Editor (write ops), Viewer (read ops), Public endpoints
- Removes client-side role checks as per memory: server-side UI gating is mandatory
This commit is contained in:
anti
2026-04-15 12:51:05 -04:00
parent 0952a0b71e
commit 0ee23b8700
12 changed files with 46 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
decnet/web/router/attackers/api_get_attacker_detail.py
View File

@@ -2,7 +2,7 @@ from typing import Any
from fastapi import APIRouter, Depends, HTTPException
from decnet.web.dependencies import get_current_user, repo
from decnet.web.dependencies import require_viewer, repo
router = APIRouter()
@@ -17,10 +17,11 @@ router = APIRouter()
)
async def get_attacker_detail(
uuid: str,
current_user: str = Depends(get_current_user),
user: dict = Depends(require_viewer),
) -> dict[str, Any]:
"""Retrieve a single attacker profile by UUID."""
"""Retrieve a single attacker profile by UUID (with behavior block)."""
attacker = await repo.get_attacker_by_uuid(uuid)
if not attacker:
raise HTTPException(status_code=404, detail="Attacker not found")
attacker["behavior"] = await repo.get_attacker_behavior(uuid)
return attacker