From 90e8f515667ab58598ca3870996008d8080a176b Mon Sep 17 00:00:00 2001 From: Lars Date: Mon, 15 Jun 2026 15:27:03 +0200 Subject: [PATCH] Update Catalog Prompt Slots Router and Access Layer Exemptions - Added documentation to the `catalog_prompt_slots.py` file to clarify its role as a global admin catalog requiring authentication and admin role, without tenant context. - Updated the `check_access_layer_hints.py` script to include `catalog_prompt_slots.py` in the list of exempt routers, ensuring proper access control for admin functionalities. --- backend/routers/catalog_prompt_slots.py | 3 +++ backend/scripts/check_access_layer_hints.py | 1 + 2 files changed, 4 insertions(+) diff --git a/backend/routers/catalog_prompt_slots.py b/backend/routers/catalog_prompt_slots.py index 4367282..b843a70 100644 --- a/backend/routers/catalog_prompt_slots.py +++ b/backend/routers/catalog_prompt_slots.py @@ -1,5 +1,8 @@ """ API: Katalog-Prompt-Slots (Stammdaten × Slot-Typ). + +Globaler Admin-Katalog (wie catalogs.py) — require_auth + Admin-Rolle, kein TenantContext. +Eingetragen in backend/scripts/check_access_layer_hints.py EXEMPT_ROUTERS. """ from __future__ import annotations diff --git a/backend/scripts/check_access_layer_hints.py b/backend/scripts/check_access_layer_hints.py index 30ad5ff..8ade257 100644 --- a/backend/scripts/check_access_layer_hints.py +++ b/backend/scripts/check_access_layer_hints.py @@ -29,6 +29,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset( "admin_user_content.py", # Superadmin Moderation nutzerangelegter Inhalte; require_auth + is_superadmin — kein Vereinsmandant "admin_rights.py", # Superadmin Rollen/Rechte (Capabilities, Kontingent-Bypass, Pläne); require_auth + is_superadmin — kein Vereinsmandant "catalogs.py", + "catalog_prompt_slots.py", # Admin Stammdaten KI-Prompt-Slots; require_auth + admin/superadmin — globaler Katalog, kein Vereinsmandant "skills.py", "maturity_models.py", "matrix_stack_bundle.py",