feat(gro-203): add requireSuperUser() middleware + route guards

- Added requireSuperUser() middleware in apps/api/src/middleware/rbac.ts that checks staff.isSuperUser, returns 403 if false - Wired into index.ts: - POST/PATCH/DELETE /api/staff/* → requireSuperUser() after requireRole("manager") - /api/admin/settings/* → requireSuperUser() after requireRole("manager") - resolveStaffMiddleware: inject isSuperUser: true for AUTH_DISABLED dev mode Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-28 20:50:48 +00:00
parent a547931f9b
commit 1c82a75a88
2 changed files with 34 additions and 3 deletions
@@ -134,6 +134,13 @@
      "when": 1774598400000,
      "tag": "0018_backfill_staff_user_id",
      "breakpoints": true
+    },
+    {
+      "idx": 19,
+      "version": "7",
+      "when": 1774729055924,
+      "tag": "0019_concerned_sunfire",
+      "breakpoints": true
    }
  ]
 }