johan/inou - inou - Clavitor Git

Commit Graph

Author	SHA1	Message	Date
James	86e72b4f28	refactor: simplify RBAC to use accessorID string parameter Complete refactor from AccessContext struct to simple accessorID string parameter for RBAC enforcement, as requested. All access control remains in lib layer - API/Portal just pass accessor + dossier to lib functions. Changes: - Added accessorIDFromContext() helper in lib/v2.go - Updated all checkAccess() calls to extract accessorID from context - Updated all EntryList() calls (nil → "" for system context) - Fixed auth.go helper functions to extract accessorID - Updated categories API to pass accessor through to lib All RBAC enforcement stays in lib - no API-level access checks. Empty accessorID bypasses checks (system/internal operations). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 17:15:09 -05:00
Johan	94946baf00	Initial commit	2026-02-01 02:43:27 -05:00

Author

SHA1

Message

Date

James

86e72b4f28

refactor: simplify RBAC to use accessorID string parameter

Complete refactor from AccessContext struct to simple accessorID string
parameter for RBAC enforcement, as requested. All access control remains
in lib layer - API/Portal just pass accessor + dossier to lib functions.

Changes:
- Added accessorIDFromContext() helper in lib/v2.go
- Updated all checkAccess() calls to extract accessorID from context
- Updated all EntryList() calls (nil → "" for system context)
- Fixed auth.go helper functions to extract accessorID
- Updated categories API to pass accessor through to lib

All RBAC enforcement stays in lib - no API-level access checks.
Empty accessorID bypasses checks (system/internal operations).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 17:15:09 -05:00

Johan

94946baf00

Initial commit

2026-02-01 02:43:27 -05:00

2 Commits