wdevs/ResolveSpec
3
0
Fork 0
mirror of https://github.com/bitechdev/ResolveSpec.git synced 2026-03-07 05:58:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(security): add model rules enforcement for update and delete operations

Browse Source 
- Implement BeforeUpdate and BeforeDelete hooks to enforce CanUpdate and CanDelete rules.
- Introduce new security context for websocketspec to manage security hooks.
- Enhance error handling in delete operations to provide clearer feedback.
This commit is contained in:
Warky
2026-02-28 22:53:21 +02:00
parent ea4a4371ba
commit e4087104a9
9 changed files with 280 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/restheadspec/security_hooks.go
View File

@@ -33,6 +33,18 @@ func RegisterSecurityHooks(handler *Handler, securityList *security.SecurityList
return security.LogDataAccess(secCtx)
})
// Hook 5: BeforeUpdate - enforce CanUpdate rule from context/registry
handler.Hooks().Register(BeforeUpdate, func(hookCtx *HookContext) error {
secCtx := newSecurityContext(hookCtx)
return security.CheckModelUpdateAllowed(secCtx)
})
// Hook 6: BeforeDelete - enforce CanDelete rule from context/registry
handler.Hooks().Register(BeforeDelete, func(hookCtx *HookContext) error {
secCtx := newSecurityContext(hookCtx)
return security.CheckModelDeleteAllowed(secCtx)
})
logger.Info("Security hooks registered for restheadspec handler")
}