From 71b249bf3173ab6ab1b103d91d3e84ca98030288 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Sat, 2 May 2026 17:23:03 +0200
Subject: [PATCH] feat(security): add BLOG_WRITE permission and GESCHICHTE_NOT_FOUND error code

Foundation for the Geschichten (story) domain (issue #381). BLOG_WRITE gates authoring of family memory stories; GESCHICHTE_NOT_FOUND is also returned for DRAFTs requested by users without BLOG_WRITE so existence is not leaked.

Co-Authored-By: Claude Opus 4.7
---
 .../java/org/raddatz/familienarchiv/exception/ErrorCode.java | 4 ++++
 .../java/org/raddatz/familienarchiv/security/Permission.java | 1 +
 2 files changed, 5 insertions(+)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/exception/ErrorCode.java b/backend/src/main/java/org/raddatz/familienarchiv/exception/ErrorCode.java
index 517eb1da..63b4afe4 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/exception/ErrorCode.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/exception/ErrorCode.java
@@ -103,6 +103,10 @@ public enum ErrorCode {
 /** A relationship with the same (person, relatedPerson, type) already exists. 409 */
 DUPLICATE_RELATIONSHIP,
 
+ // --- Geschichten (Stories) ---
+ /** A Geschichte (story) with the given ID does not exist, or is a DRAFT and the caller lacks BLOG_WRITE. 404 */
+ GESCHICHTE_NOT_FOUND,
+
 // --- Tags ---
 /** A tag with the given ID does not exist. 404 */
 TAG_NOT_FOUND,
diff --git a/backend/src/main/java/org/raddatz/familienarchiv/security/Permission.java b/backend/src/main/java/org/raddatz/familienarchiv/security/Permission.java
index f26e6c85..ab5e6ace 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/security/Permission.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/security/Permission.java
@@ -4,6 +4,7 @@ public enum Permission {
 READ_ALL,
 WRITE_ALL,
 ANNOTATE_ALL,
+ BLOG_WRITE,
 ADMIN,
 ADMIN_USER,
 ADMIN_TAG,
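Review bot: The Javadoc on `GESCHICHTE_NOT_FOUND` in ErrorCode.java promises that a DRAFT looks the same as a missing story to callers without BLOG_WRITE, but the enum cannot enforce that. It holds only if every path that takes a story ID returns this code with the same status and message in both cases. A path that answers 403 for an existing DRAFT and 404 for an unknown ID, for instance because a permission check runs before the lookup on update or delete, would reveal existence again. That code is not part of this commit, so this is something to verify when the endpoints land. I would state the contract in the comment, e.g. `Callers without BLOG_WRITE must receive this code, never a 403, for any DRAFT on every endpoint that accepts a story ID.`, and add a test that compares the two responses.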
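Review bot: `BLOG_WRITE` is inserted in the middle of `Permission`, ahead of `ADMIN`, which shifts the ordinals of `ADMIN`, `ADMIN_USER`, `ADMIN_TAG` and every constant after them. If any mapping or serializer stores permissions by ordinal (e.g. `@Enumerated(EnumType.ORDINAL)`; not visible in this hunk), existing grants would silently change meaning. Please confirm that permissions are persisted by name, or append the new constant at the end of the enum. The constant also has no doc comment; something like `/** May author Geschichten (stories) and see DRAFTs; does not imply WRITE_ALL. */` would record the intended scope, with the exact wording adjusted to whatever the authorization rules actually grant. The enum body continues outside the hunk, so whether `ADMIN` is meant to imply `BLOG_WRITE` cannot be judged from here and is worth stating as well.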