Add CMS termine editor for admin and vorstand

2025-10-21 15:57:42 +02:00
parent 201de0a278
commit 1cbfbaf754
15 changed files with 779 additions and 229 deletions
--- a/server/api/termine-manage.delete.js
+++ b/server/api/termine-manage.delete.js
@@ -0,0 +1,60 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { deleteTermin } from '../utils/termine.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    // Only admin and vorstand can delete termine
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Keine Berechtigung zum Löschen von Terminen.'
+      })
+    }
+
+    const query = getQuery(event)
+    const { datum, titel, beschreibung, kategorie } = query
+
+    if (!datum || !titel) {
+      throw createError({
+        statusCode: 400,
+        message: 'Datum und Titel sind erforderlich.'
+      })
+    }
+
+    await deleteTermin({
+      datum,
+      titel,
+      beschreibung: beschreibung || '',
+      kategorie: kategorie || 'Sonstiges'
+    })
+
+    return {
+      success: true,
+      message: 'Termin erfolgreich gelöscht.'
+    }
+  } catch (error) {
+    console.error('Fehler beim Löschen des Termins:', error)
+    throw error
+  }
+})
+
--- a/server/api/termine-manage.get.js
+++ b/server/api/termine-manage.get.js
@@ -0,0 +1,45 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { readTermine } from '../utils/termine.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    // Only admin and vorstand can manage termine
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Keine Berechtigung zum Verwalten von Terminen.'
+      })
+    }
+
+    const termine = await readTermine()
+
+    return {
+      success: true,
+      termine
+    }
+  } catch (error) {
+    console.error('Fehler beim Abrufen der Termine:', error)
+    throw error
+  }
+})
+
--- a/server/api/termine-manage.post.js
+++ b/server/api/termine-manage.post.js
@@ -0,0 +1,60 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { saveTermin } from '../utils/termine.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    // Only admin and vorstand can create termine
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Keine Berechtigung zum Erstellen von Terminen.'
+      })
+    }
+
+    const body = await readBody(event)
+    const { datum, titel, beschreibung, kategorie } = body
+
+    if (!datum || !titel) {
+      throw createError({
+        statusCode: 400,
+        message: 'Datum und Titel sind erforderlich.'
+      })
+    }
+
+    await saveTermin({
+      datum,
+      titel,
+      beschreibung: beschreibung || '',
+      kategorie: kategorie || 'Sonstiges'
+    })
+
+    return {
+      success: true,
+      message: 'Termin erfolgreich gespeichert.'
+    }
+  } catch (error) {
+    console.error('Fehler beim Speichern des Termins:', error)
+    throw error
+  }
+})
+
--- a/server/data/news.json
+++ b/server/data/news.json
@@ -4,9 +4,9 @@
    "title": "Wir starten durch!",
    "content": "Endlich ist es so weit! Willkommen.",
    "author": "Admin",
-    "isPublic": false,
+    "isPublic": true,
    "created": "2025-10-21T13:34:28.915Z",
-    "updated": "2025-10-21T13:53:16.820Z"
+    "updated": "2025-10-21T13:54:57.247Z"
  },
  {
    "id": "660e8400-e29b-41d4-a716-446655440002",
--- a/server/utils/termine.js
+++ b/server/utils/termine.js
@@ -0,0 +1,133 @@
+import { promises as fs } from 'fs'
+import path from 'path'
+import { randomUUID } from 'crypto'
+
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  
+  // In production (.output/server), working dir is .output
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../public/data', filename)
+  }
+  
+  // In development, working dir is project root
+  return path.join(cwd, 'public/data', filename)
+}
+
+const TERMINE_FILE = getDataPath('termine.csv')
+
+// Parse CSV to array of objects
+export async function readTermine() {
+  try {
+    const data = await fs.readFile(TERMINE_FILE, 'utf-8')
+    const lines = data.split('\n').filter(line => line.trim() !== '')
+    
+    if (lines.length < 2) return []
+    
+    // Parse CSV with quote handling
+    const termine = []
+    for (let i = 1; i < lines.length; i++) {
+      const values = []
+      let current = ''
+      let inQuotes = false
+      
+      for (let j = 0; j < lines[i].length; j++) {
+        const char = lines[i][j]
+        
+        if (char === '"') {
+          inQuotes = !inQuotes
+        } else if (char === ',' && !inQuotes) {
+          values.push(current.trim())
+          current = ''
+        } else {
+          current += char
+        }
+      }
+      values.push(current.trim())
+      
+      if (values.length >= 4) {
+        termine.push({
+          id: randomUUID(), // Generate ID on-the-fly for editing
+          datum: values[0],
+          titel: values[1],
+          beschreibung: values[2],
+          kategorie: values[3]
+        })
+      }
+    }
+    
+    return termine
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return []
+    }
+    console.error('Fehler beim Lesen der Termine:', error)
+    return []
+  }
+}
+
+// Write array of objects to CSV
+export async function writeTermine(termine) {
+  try {
+    let csv = '"datum","titel","beschreibung","kategorie"\n'
+    
+    for (const termin of termine) {
+      const datum = termin.datum || ''
+      const titel = termin.titel || ''
+      const beschreibung = termin.beschreibung || ''
+      const kategorie = termin.kategorie || ''
+      
+      // Escape quotes in values
+      const escapedDatum = datum.replace(/"/g, '""')
+      const escapedTitel = titel.replace(/"/g, '""')
+      const escapedBeschreibung = beschreibung.replace(/"/g, '""')
+      const escapedKategorie = kategorie.replace(/"/g, '""')
+      
+      csv += `"${escapedDatum}","${escapedTitel}","${escapedBeschreibung}","${escapedKategorie}"\n`
+    }
+    
+    await fs.writeFile(TERMINE_FILE, csv, 'utf-8')
+    return true
+  } catch (error) {
+    console.error('Fehler beim Schreiben der Termine:', error)
+    return false
+  }
+}
+
+// Add or update termin
+export async function saveTermin(terminData) {
+  const termine = await readTermine()
+  
+  // Always add as new (CSV doesn't have persistent IDs)
+  const newTermin = {
+    datum: terminData.datum,
+    titel: terminData.titel,
+    beschreibung: terminData.beschreibung || '',
+    kategorie: terminData.kategorie || 'Sonstiges'
+  }
+  
+  termine.push(newTermin)
+  
+  // Sort by date
+  termine.sort((a, b) => new Date(a.datum) - new Date(b.datum))
+  
+  await writeTermine(termine)
+  return true
+}
+
+// Delete termin by matching all fields (since we don't have persistent IDs)
+export async function deleteTermin(terminData) {
+  let termine = await readTermine()
+  
+  termine = termine.filter(t => 
+    !(t.datum === terminData.datum && 
+      t.titel === terminData.titel &&
+      t.beschreibung === terminData.beschreibung &&
+      t.kategorie === terminData.kategorie)
+  )
+  
+  await writeTermine(termine)
+  return true
+}
+