Enhance authentication checks in CMS API endpoints; implement user role validation for admin and board access. Refactor Spielpläne API to remove unnecessary logging and improve error handling. Update tests to mock user authentication and ensure proper validation of file uploads.

server/api/cms/save-csv.post.js

@@ -1,8 +1,26 @@
 import fs from 'fs/promises'
 import path from 'path'
+import { getUserFromToken } from '../../utils/auth.js'
 
 export default defineEventHandler(async (event) => {
   try {
+    const token = getCookie(event, 'auth_token')
+    const currentUser = token ? await getUserFromToken(token) : null
+
+    if (!currentUser) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Nicht authentifiziert'
+      })
+    }
+
+    if (currentUser.role !== 'admin' && currentUser.role !== 'vorstand') {
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Keine Berechtigung'
+      })
+    }
+
     const { filename, content } = await readBody(event)
     
     if (!filename || !content) {