Lars/shinkan-jinkendo
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Update ACCESS_LAYER_ENDPOINT_AUDIT and Matrix Editor Documentation
All checks were successful
Deploy Development / deploy (push) Successful in 42s
Details
Test Suite / pytest-backend (push) Successful in 39s
Details
Test Suite / lint-backend (push) Successful in 0s
Details
Test Suite / build-frontend (push) Successful in 12s
Details
Test Suite / k6 /health Baseline (push) Successful in 33s
Details
Test Suite / playwright-tests (push) Successful in 1m20s
Details
Test Suite / pytest-backend (pull_request) Successful in 35s
Details
Test Suite / lint-backend (pull_request) Successful in 0s
Details
Test Suite / build-frontend (pull_request) Successful in 12s
Details
Test Suite / k6 /health Baseline (pull_request) Successful in 33s
Details
Test Suite / playwright-tests (pull_request) Successful in 1m13s
Details

Browse Source 
- Added the `matrix_editor` endpoint to the ACCESS_LAYER_ENDPOINT_AUDIT.md, specifying its access requirements and exempt status for superadmins.
- Updated comments in the `matrix_editor.py` file to clarify its role as a superadmin tool and its access restrictions.
- Included the `matrix_editor.py` in the EXEMPT_ROUTERS list in the access layer hints script, ensuring proper access control documentation.
This commit is contained in:
Lars 2026-05-22 11:54:59 +02:00
parent d58db3d5dd
commit e22266a18c
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md
View File

@ -33,6 +33,7 @@ Fortlaufend gemäß `ACCESS_LAYER_AND_GOVERNANCE_PLAN.md` Stufe AC.
| skills | `/api/skills*` | nein (global) | `require_auth` | je Endpoint | EXEMPT |
| maturity_models | Admin-Matrix | nein (global) | `require_auth` | Admin für Schreiben; `GET …/{id}` nur Portal-Admin | EXEMPT |
| matrix_stack_bundle | Export/Import Bundles | Plattform/Test | `require_auth` | Admin | EXEMPT |
| matrix_editor | `/api/admin/matrix-editor/*` (Export/Import Editor-Bundle) | Plattform | `require_auth` | nur `superadmin` | EXEMPT; globale Fähigkeitsmatrix ohne Mandantenkontext |
| import_wiki / import_wiki_admin | Wiki-Import | Werkzeug | `require_auth`/Admin | Admin | EXEMPT |
| ai_skill_retrieval_admin | `/api/admin/ai-skill-retrieval-profiles*` (CRUD) | Plattform | `require_auth` | nur `superadmin`; JSON `config` | EXEMPT wie `admin_users`; kein Vereinsbezug |
| ai_prompts_admin | `/api/admin/ai-prompts*` (Liste, Detail, PUT, Preview, Reset) | Plattform | `require_auth` | nur `superadmin` | EXEMPT; globale `ai_prompts` ohne Mandantenkontext |

1
backend/routers/matrix_editor.py
View File

@ -5,6 +5,7 @@ Fokus: Beschreibungen und Gewichtungen (skills.importance, model_skills.relevanc
skill_level_definitions, model_skill_levels) flaches, bearbeitbares Format.
Kein Vereinsbezug require_auth + is_superadmin; kein TenantContext.
# ACCESS_LAYER exempt: Plattform-Superadmin-Tool; globale Fähigkeitsmatrix ohne Mandantenkontext
"""
from __future__ import annotations

1
backend/scripts/check_access_layer_hints.py
View File

@ -29,6 +29,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset(
"skills.py",
"maturity_models.py",
"matrix_stack_bundle.py",
"matrix_editor.py", # Superadmin Editor-Export/Import Fähigkeitsmatrix; require_auth + is_superadmin — kein Vereinsmandant
"import_wiki.py",
"import_wiki_admin.py",
}