fix(access-layer): legal_documents in EXEMPT_ROUTERS eintragen

Router hat keinen Vereinsbezug (Plattform-Rechtstexte). Öffentlicher Endpoint ohne Auth; Admin-Endpoints require_auth + is_superadmin(). ACCESS_LAYER_STRICT schlägt jetzt nicht mehr an. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 12:07:52 +02:00 · 2026-05-10 12:07:52 +02:00 · b9adf6da84
commit b9adf6da84
parent 80936b226d
2 changed files with 4 additions and 0 deletions
--- a/backend/routers/legal_documents.py
+++ b/backend/routers/legal_documents.py
@ -22,6 +22,9 @@ from auth import require_auth
 from club_tenancy import is_superadmin
 from db import get_db, get_cursor, r2d

+# ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug.
+# Öffentlicher GET-Endpoint ohne jegliche Auth; Admin-Endpoints nutzen require_auth + is_superadmin().
+# Eingetragen in backend/scripts/check_access_layer_hints.py EXEMPT_ROUTERS.
 router = APIRouter(tags=["legal_documents"])

 VALID_TYPES = {"impressum", "privacy_policy", "terms_of_use", "media_policy"}
--- a/backend/scripts/check_access_layer_hints.py
+++ b/backend/scripts/check_access_layer_hints.py
@ -22,6 +22,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset(
        "auth.py",
        "admin_users.py",
        "platform_media_storage.py",
+        "legal_documents.py",  # ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug; öffentlicher Endpoint ohne Auth, Admin-Endpoints require_auth + is_superadmin()
        "catalogs.py",
        "skills.py",
        "maturity_models.py",