veza/apps/web/src/router
senke a90b584e53 fix(security): protect admin routes with role check
Previously, any authenticated user could access /admin, /admin/moderation,
/admin/platform, /admin/transfers, and /admin/roles — the ProtectedRoute
only checked isAuthenticated, not role. Exposed the admin Command Center
UI to listeners/creators (critical security flaw).

Changes:
- ProtectedRoute accepts requireAdmin prop; redirects to /dashboard when
  authenticated user lacks admin/super_admin role or is_admin=true
- New wrapAdminProtected() helper in routeConfig
- All /admin/* routes now use wrapAdminProtected

Note: Backend API still enforces admin checks independently — this fix
only prevents the UI from being shown to non-admins.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 16:19:16 +02:00
AppRouter.tsx fix: stabilize frontend — 98 TS errors to 0, align API endpoints, optimize bundle 2026-03-24 21:18:49 +01:00
index.test.tsx fix(a11y): fix heading hierarchy h1→h3 gaps on 8 pages 2026-03-25 10:14:18 +01:00
index.tsx refactor(web): split router into module (PublicRoute, ProtectedLayoutRoute, routeConfig) 2026-02-07 04:16:37 +01:00
ProtectedLayoutRoute.tsx refactor(web): split router into module (PublicRoute, ProtectedLayoutRoute, routeConfig) 2026-02-07 04:16:37 +01:00
PublicRoute.tsx refactor(web): split router into module (PublicRoute, ProtectedLayoutRoute, routeConfig) 2026-02-07 04:16:37 +01:00
routeConfig.tsx fix(security): protect admin routes with role check 2026-04-05 16:19:16 +02:00
types.ts refactor(web): split router into module (PublicRoute, ProtectedLayoutRoute, routeConfig) 2026-02-07 04:16:37 +01:00