Draft: Authorization

What is new and why?

Extend the existing authentication stack with permission based authorization. This makes it possible to grant different sets of users access to different endpoints.

Authorization is entirely implemented in Core.

Related issues

#38

Author's TODOs

• if the licence_check-stage is not green: Download artefact (view in browser does not work for now) and check findings.json
• merged latest version of target branch (e.g., main or dev) into your branch
• check if SPDX identifier MPL-2.0 and Copyright-Text 2025 Land Baden-Württemberg <InnoLab@stm.bwl.de> exists in newly created and/or hasn't been deleted somehow in existing files
• adapted the readme
• Revised/new code parts have no # noqa directives
• Optional: Changelog adapted (further information)
• Optional: Update OpenAPI documentation whenever endpoints, API input classes, or API output classes change (see details)
• Update documentation in docs repo
• Update frontend to play nicely with permissions

Reviewer's TODOs

• Check if the Author did their checks well enough
• Tried out if the cause of the issue is solved as intended
• Check that code with old # noqa directives were revised
• Check that no new # noqa directives are included
• Optional: Changelog adapted (further information)

To keep in mind

• pre-commit used
• added logging output were necessary
• added/adjusted Errorhandling to avoid unwanted crashes and make proper debugging and testing possible
• Changelog has to be adapted before merging, at latest in the f13::inAbnahme step