diff --git a/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md b/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md index 7f3f3a3..b4b74bf 100644 --- a/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md +++ b/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md @@ -4,7 +4,9 @@ title: "PATCH /api/disputes/:id/status and POST /api/disputes/:id/resolve have n severity: critical domain: Dispute labels: [security, bug, backend, privilege-escalation] -status: open +status: resolved +resolved: 2026-05-29 +fix: "Added authorizeRoles('admin') middleware to PATCH /:id/status and POST /:id/resolve in backend/src/routes/disputeRoutes.ts" created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- diff --git a/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md b/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md index e1c1143..59491f2 100644 --- a/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md +++ b/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md @@ -4,7 +4,9 @@ title: "POST /api/disputes/:id/assign has no role guard — any user can self-as severity: critical domain: Dispute labels: [security, bug, backend, privilege-escalation] -status: open +status: resolved +resolved: 2026-05-29 +fix: "Added authorizeRoles('admin') middleware to POST /:id/assign in backend/src/routes/disputeRoutes.ts" created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- diff --git a/Issues/Issues Index.md b/Issues/Issues Index.md index 40e6328..3d1d515 100644 --- a/Issues/Issues Index.md +++ b/Issues/Issues Index.md @@ -1,7 +1,7 @@ # Issues Index > Generated from Doc vs Code Audit — 2026-05-29 · last reconciled 2026-05-29 -> **53 open issues** | 🔴 14 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) +> **51 open issues** | 🔴 12 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) · ✅ 2 resolved ## 🔴 Critical