backend/routers/legal_documents.py

@@ -22,6 +22,9 @@ from auth import require_auth
 from club_tenancy import is_superadmin
 from db import get_db, get_cursor, r2d
 
+# ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug.
+# Öffentlicher GET-Endpoint ohne jegliche Auth; Admin-Endpoints nutzen require_auth + is_superadmin().
+# Eingetragen in backend/scripts/check_access_layer_hints.py EXEMPT_ROUTERS.
 router = APIRouter(tags=["legal_documents"])
 
 VALID_TYPES = {"impressum", "privacy_policy", "terms_of_use", "media_policy"}

backend/scripts/check_access_layer_hints.py

@@ -22,6 +22,7 @@ EXEMPT_ROUTERS: frozenset[str] = frozenset(
         "auth.py",
         "admin_users.py",
         "platform_media_storage.py",
+        "legal_documents.py",  # ACCESS_LAYER exempt: Plattform-Rechtstexte ohne Vereinsbezug; öffentlicher Endpoint ohne Auth, Admin-Endpoints require_auth + is_superadmin()
         "catalogs.py",
         "skills.py",
         "maturity_models.py",