feat(auth): implement and verify authorization for all endpoints #71

Merged

chartgerink merged 11 commits from fix/54 into main 2025-08-21 12:26:01 +00:00

Conversation 0 Commits 11 Files changed 22 +777 -229

chartgerink commented 2025-08-21 11:45:51 +00:00

Owner

Copy link

• add authorization methods (role-based and generic traits for user-based)
• add Authorizable trait models
• add role-based access for POST, DELETE, PUT of institutions
• add self or admin access for users and affiliations
• add resource-based access for authorships, outputs, invitations, and versions

Fixes #54. All routes with JwtMiddleware need to implement authorization from here on.

- add authorization methods (role-based and generic traits for user-based) - add `Authorizable` trait models - add role-based access for POST, DELETE, PUT of `institutions` - add self or admin access for `users` and `affiliations` - add resource-based access for `authorships`, `outputs`, `invitations`, and `versions` Fixes #54. All routes with `JwtMiddleware` need to implement authorization from here on.

chartgerink added 11 commits 2025-08-21 11:45:51 +00:00

add require_admin_role authorization 06b3f5afa3

update institution authorization and tests 29803e2172

add user authorization generics f58b681366

add authorships authorization logic de6f09e4ee

add authorization for users endpoints b265165ff4

add affiliations authorization df2f3ecda9

add generic user_can_modify method for Authorizable trait 8c63287cf6

add output and version authorization 74112385b8

cleanup 51f8cbbc3f

update integration tests, catch logic flaws 4ee1e3b5d3

add resource authorization for invitations 59c31789dc

chartgerink merged commit e8997c893a into main 2025-08-21 12:26:01 +00:00

chartgerink deleted branch fix/54 2025-08-21 12:26:01 +00:00

chartgerink referenced this pull request from a commit 2025-08-21 12:26:02 +00:00

feat(auth): implement and verify authorization for all endpoints (#71)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

critical

issues that are blocking other work, high importance + urgent

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

future

Not on the docket right now. Keeping the issue for future work.

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

critical

duplicate

enhancement

future

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: researchequals/api#71

No description provided.