From b9adf6da840e1a6ae6028424d6a45a924625f7e6 Mon Sep 17 00:00:00 2001
From: Lars
Date: Sun, 10 May 2026 12:07:52 +0200
Subject: [PATCH] fix(access-layer): legal_documents in EXEMPT_ROUTERS eintragen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Router hat keinen Vereinsbezug (Plattform-Rechtstexte). Öffentlicher Endpoint ohne Auth; Admin-Endpoints require_auth + is_superadmin(). ACCESS_LAYER_STRICT schlägt jetzt nicht mehr an.
Co-Authored-By: Claude Sonnet 4.6
---
 backend/routers/legal_documents.py | 3 +++
 backend/scripts/check_access_layer_hints.py | 1 +
 2 files changed, 4 insertions(+)
diff --git a/backend/routers/legal_documents.py b/backend/routers/legal_documents.py
index 2d1ecad..98d2c45 100644
--- a/backend/routers/legal_documents.py
+++ b/backend/routers/legal_documents.py
@@ -22,6 +22,9 @@ from auth import require_auth
 from club_tenancy import is_superadmin
 from db import get_db, get_cursor, r2d
+# ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug.
+# Öffentlicher GET-Endpoint ohne jegliche Auth; Admin-Endpoints nutzen require_auth + is_superadmin().
+# Eingetragen in backend/scripts/check_access_layer_hints.py EXEMPT_ROUTERS.
 router = APIRouter(tags=["legal_documents"])
 VALID_TYPES = {"impressum", "privacy_policy", "terms_of_use", "media_policy"}
diff --git a/backend/scripts/check_access_layer_hints.py b/backend/scripts/check_access_layer_hints.py
index a85422f..e23eed3 100644
--- a/backend/scripts/check_access_layer_hints.py
+++ b/backend/scripts/check_access_layer_hints.py
@@ -22,6 +22,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset(
 "auth.py",
 "admin_users.py",
 "platform_media_storage.py",
+ "legal_documents.py", # ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug; öffentlicher Endpoint ohne Auth, Admin-Endpoints require_auth + is_superadmin()
 "catalogs.py",
 "skills.py",
 "maturity_models.py",
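Review bot: The comment block added above `router = APIRouter(tags=["legal_documents"])` describes the current auth posture ("Admin-Endpoints nutzen require_auth + is_superadmin()") instead of stating it as a requirement. Once the file is exempt, that comment is the only place the invariant is recorded. The endpoint definitions are outside the hunk, so the claim cannot be checked here. I would word it as a rule for future edits, e.g. `# Every endpoint in this router except the public GET MUST call require_auth and is_superadmin(); check_access_layer_hints.py skips this file.` Naming the single public route in the comment would also make an accidental second unauthenticated endpoint easier to spot in review.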
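Review bot: The new `"legal_documents.py"` entry in `EXEMPT_ROUTERS` exempts the whole router file, so the access-layer check will also skip any endpoint added to that router later, including the admin write paths. If the script matches on the bare filename (the matching code is outside the hunk), a router with the same basename in another directory would presumably be exempted as well. A small test asserting that every non-GET route of this router depends on `require_auth` would keep the exemption from silently widening. The trailing comment also repeats the auth details already written in the router and will drift; the rationale alone is enough, e.g. `"legal_documents.py",  # platform legal texts, no club scope; auth rules documented in the router`.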