From b77d84db5a9f4bb1e8287f6832df9dbd4b7c71b5 Mon Sep 17 00:00:00 2001 From: Madhura68 Date: Sun, 3 May 2026 01:11:12 +0200 Subject: [PATCH] docs(adr): add 0006-demo-user-three-layer-policy --- docs/adr/0006-demo-user-three-layer-policy.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docs/adr/0006-demo-user-three-layer-policy.md diff --git a/docs/adr/0006-demo-user-three-layer-policy.md b/docs/adr/0006-demo-user-three-layer-policy.md new file mode 100644 index 0000000..cbcbc85 --- /dev/null +++ b/docs/adr/0006-demo-user-three-layer-policy.md 
@@ -0,0 +1,30 @@ +# ADR-0006: Demo-user write protection enforced in three layers + +## Status + +accepted + +## Context + +Scrum4Me has a demo account that allows prospective users to explore the app without signing up. The demo user must never be able to create, update, or delete any data. A single guard at one layer is insufficient: a bug or a missing check in any one layer would expose a write path. See `docs/architecture/auth-and-sessions.md` and `docs/plans/ST-1110-demo-readonly.md` for implementation details. + +## Decision + +Write protection for the demo user is enforced at **three independent layers**: + +1. **Network — `proxy.ts`:** The Next.js proxy middleware rejects all non-GET requests from demo sessions before they reach any route handler or server action. +2. **Server — every Server Action and Route Handler:** Each write endpoint checks `session.isDemo` and returns `403` immediately if true. +3. **UI — disabled buttons + ``:** Write controls (create, edit, delete, reorder) are rendered as `disabled` with a tooltip explaining the demo restriction. No write request is ever sent. + +## Consequences + +### Positive + +- Defense-in-depth: any single layer can fail independently without exposing a write path. +- Clear user feedback at the UI layer without relying on error responses. +- Straightforward to audit: search for `isDemo` to find all enforcement points. + +### Negative + +- Three enforcement sites for every new write operation — easy to miss one when adding a new feature. +- Mitigation: the `DemoTooltip` pattern is documented in `docs/patterns/` and enforced in code review.
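Review bot: In the Negative consequences, the stated mitigation covers only layer 3 (the `DemoTooltip` pattern plus code review), so nothing in this ADR keeps a new Server Action or Route Handler from shipping without its `session.isDemo` check. The Positive bullet "search for `isDemo` to find all enforcement points" finds the checks that exist, not the write endpoints that lack one. Consider recording a mitigation for layer 2 as well, for example a shared guard that every write endpoint goes through, or a test that calls each write endpoint with a demo session and expects `403`. Two smaller points in the Decision list: item 3 reads "disabled buttons + ``" with an empty code span, which presumably should name the `DemoTooltip` component mentioned later; and "No write request is ever sent" in that item holds only for the unmodified client, so the ADR should say that layer 3 is user feedback while layers 1 and 2 are the enforcement. Because layer 1 lets GET through, it is also worth stating that no GET handler may mutate data.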