Merge feature/permissions-hardening: RBAC hardening + B-lite + P0 UX
Phase A (security): permission registry, audit log on perm/feature changes, token_version bump on permission changes. B-lite: requireFeature middleware blocks API on disabled global flags. P0 UX: search, modified-dot, confirm on critical perms, badge wording. Conflict resolution: admin.js monolith was restructured into frontend/js/admin/sections/* by feature/admin-redesign merge. P0 UX edits (originally in monolith) were manually ported to: - sections/permissions.js — modDot, confirm gate, filterPermissions - sections/users.js — 'Инд.' → 'Индивидуально' badge in user-perms modal admin.html search input + dot CSS auto-merged cleanly.
This commit is contained in:
Maxim Dolgolyov
@@ -1,10 +1,14 @@
|
||||
const router = require('express').Router();
|
||||
const { authMiddleware } = require('../middleware/auth');
|
||||
const { requireFeature } = require('../middleware/features');
|
||||
const c = require('../controllers/gamesController');
|
||||
|
||||
router.get('/hangman/word', authMiddleware, c.hangmanWord);
|
||||
router.post('/hangman/complete', authMiddleware, c.hangmanComplete);
|
||||
router.get('/crossword/generate', authMiddleware, c.crosswordGenerate);
|
||||
router.post('/crossword/complete', authMiddleware, c.crosswordComplete);
|
||||
const hangman = requireFeature('hangman');
|
||||
const crossword = requireFeature('crossword');
|
||||
|
||||
router.get('/hangman/word', hangman, authMiddleware, c.hangmanWord);
|
||||
router.post('/hangman/complete', hangman, authMiddleware, c.hangmanComplete);
|
||||
router.get('/crossword/generate', crossword, authMiddleware, c.crosswordGenerate);
|
||||
router.post('/crossword/complete', crossword, authMiddleware, c.crosswordComplete);
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user