Files
nick-doc/Taskmaster/Tasks/task-4-4.md
Siavash Sameni 4cf5c49274 docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
2026-05-24 11:16:29 +04:00

36 lines
1.0 KiB
Markdown

---
taskmaster_id: "4.4"
status: "pending"
priority: "high"
depends_on: ["2"]
parent_id: "4"
source: "taskmaster"
generated_at: "2026-05-24T07:15:25.199Z"
---
# 4.4 - Create authorization matrix for REST and Socket.IO
- [ ] 4.4 - Create authorization matrix for REST and Socket.IO #taskmaster #priority/high #status/pending ⏫ 🆔 tm-4-4 ⛔ tm-2
## Metadata
| Field | Value |
| --- | --- |
| Taskmaster ID | 4.4 |
| Status | pending |
| Priority | high |
| Dependencies | 2 |
| Parent | 4 - Define backend security and refactor strategy from latest audit |
## Description
Map every endpoint and realtime event to access level, ownership checks, state preconditions, rate-limit tier, and audit-log requirement.
## Details
Include public/authenticated/owner/buyer/seller/admin/support/service-role classifications. Socket.IO rooms must be server-derived from authenticated identity, not client-supplied user IDs.
## Verification
No route or socket event remains unmapped; implementation tasks can reference matrix rows directly.