BE-API-5c: DSGVO-Consent-Guard #127
Labels
No labels
component/backend
component/docs
component/e2e
component/frontend
component/infra
component/keycloak
prio/high
prio/low
prio/medium
type/bug
type/chore
type/feature
type/refactor
type/test
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
WompSchmiede/FamilienFeierPlaner#127
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Beschreibung
DSGVO-Zustimmungsschranke pro Person (403 bei fehlendem Consent). Der Guard wird auf allen Endpunkten angewandt (ausser
/health, Consent-Endpunkt selbst und i18n-Endpunkte).Aufgaben
auth.ts: Neuer HookrequireConsent()request.user.personIdeinen Eintrag inconsentshatrequireConsentauf folgende Endpunkte an:GET /api/v1/personsGET /api/v1/persons/{person_id}PUT /api/v1/persons/{person_id}POST /api/v1/personsGET /api/v1/persons/{person_id}/contactsPUT /api/v1/persons/{person_id}/contactsPOST /api/v1/persons/{person_id}/archivePOST /api/v1/persons/{person_id}/switch-groupPUT /api/v1/persons/{person_id}/user-linkGET /api/v1/persons/{person_id}/invitationsGET /api/v1/persons/meGET /api/v1/eventsPOST /api/v1/eventsGET /api/v1/events/{event_id}PUT /api/v1/events/{event_id}DELETE /api/v1/events/{event_id}POST /api/v1/events/{event_id}/publishGET /api/v1/events/{event_id}/guestsPOST /api/v1/events/{event_id}/guestsGET /api/v1/events/{event_id}/guests/{person_id}DELETE /api/v1/events/{event_id}/guests/{person_id}PUT /api/v1/events/{event_id}/guests/{person_id}/statusPUT /api/v1/events/{event_id}/guests/{person_id}/paymentGET /api/v1/events/{event_id}/guests/{person_id}/rolePUT /api/v1/events/{event_id}/guests/{person_id}/roleGET /api/v1/events/{event_id}/guests/{person_id}/form-draftPUT /api/v1/events/{event_id}/guests/{person_id}/form-draftPUT /api/v1/events/{event_id}/guests/{person_id}/form-finalPUT /api/v1/events/{event_id}/guests/{person_id}/form-overrideGET /api/v1/events/{event_id}/formPUT /api/v1/events/{event_id}/formGET /api/v1/events/{event_id}/rolesPOST /api/v1/events/{event_id}/rolesGET /api/v1/events/{event_id}/roles/{role_id}PUT /api/v1/events/{event_id}/roles/{role_id}DELETE /api/v1/events/{event_id}/roles/{role_id}GET /api/v1/groupsPOST /api/v1/groupsGET /api/v1/groups/{group_id}PUT /api/v1/groups/{group_id}DELETE /api/v1/groups/{group_id}GET /api/v1/groups/{group_id}/membersPOST /api/v1/groups/{group_id}/membersDELETE /api/v1/groups/{group_id}/members/{person_id}POST /api/v1/groups/{group_id}/join-requestPUT /api/v1/groups/{group_id}/join-request/{person_id}GET /api/v1/templatesPOST /api/v1/templatesGET /api/v1/templates/{template_id}PUT /api/v1/templates/{template_id}DELETE /api/v1/templates/{template_id}GET /api/v1/invoices/health,PUT .../consent,GET /api/v1/i18n,GET /api/v1/i18n/{lang}auth.test.ts:requireConsent-Hook (fehlender Consent → 403, vorhandener Consent → pass)openapi.yaml: 403-Responses mit Consent-Hinweis ergaenzendesign.md: Autorisierungsmatrix (§5.1) umrequireConsent-Hook ergaenzenAbhaengigkeiten
Technische Hinweise
consentsreicht aus)policyVersionwird aktuell nicht auf Gueltigkeit geprueft (zukunftiger Task)