Add owner role and admin management controls

2026-02-08 19:01:58 +01:00
parent 97f1b30b75
commit 1c59d68a50
25 changed files with 540 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ Pick'n'Play is a .NET 10 ASP.NET Core Minimal API app with a static HTML/CSS/JS

 - Authentication: username/password with HttpOnly `player` cookie.
 - Admin authorization: authenticated account with `IsAdmin=true`.
+- Owner model: first valid admin-key registration becomes `owner`; admins can grant/revoke admin role for non-owner accounts.
 - Gameplay phases: `Suggest`, `Vote`, `Results`.
 - Storage: SQLite database under `App_Data/gamelist.db`.
 - Security defaults: rate-limited auth/admin routes, baseline browser security headers, production HTTPS+HSTS enforcement.