Implement admin back-pass flow and guarded admin actions

2026-02-08 14:20:38 +01:00
parent 4ee327fb4e
commit 5595bfd3b1
25 changed files with 572 additions and 109 deletions
--- a/README.md
+++ b/README.md
@@ -25,7 +25,9 @@ Pick'n'Play is a .NET 10 ASP.NET Core Minimal API app with a static HTML/CSS/JS
 - Authentication: username/password with HttpOnly `player` cookie.
 - Admin authorization: authenticated account with `IsAdmin=true`.
 - Gameplay phases: `Suggest`, `Vote`, `Results`.
+- Backward movement: admins can move backward; players can move `Vote -> Suggest` only when granted a one-time back pass.
 - Storage: SQLite database under `App_Data/gamelist.db`.
+- Sensitive admin actions (`reset`, `factory-reset`, player deletion) require admin password confirmation.

 ## Module Ownership