Update dependencies to include TinyMCE and Quill, enhance Navigation component with a new Newsletter submenu, and implement role-based access control for CMS features. Refactor user role handling to support multiple roles and improve user management functionality across various API endpoints.

server/api/cms/users/update-role.post.js

@@ -1,11 +1,11 @@
-import { getUserFromToken, readUsers, writeUsers } from '../../../utils/auth.js'
+import { getUserFromToken, readUsers, writeUsers, hasAnyRole, migrateUserRoles } from '../../../utils/auth.js'
 
 export default defineEventHandler(async (event) => {
   try {
     const token = getCookie(event, 'auth_token')
     const currentUser = await getUserFromToken(token)
 
-    if (!currentUser || (currentUser.role !== 'admin' && currentUser.role !== 'vorstand')) {
+    if (!currentUser || !hasAnyRole(currentUser, 'admin')) {
       throw createError({
         statusCode: 403,
         message: 'Zugriff verweigert'
@@ -13,12 +13,15 @@ export default defineEventHandler(async (event) => {
     }
 
     const body = await readBody(event)
-    const { userId, role } = body
+    const { userId, roles } = body
 
-    if (!['mitglied', 'vorstand', 'admin'].includes(role)) {
+    const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter']
+    const rolesArray = Array.isArray(roles) ? roles : (roles ? [roles] : ['mitglied'])
+    
+    if (!rolesArray.every(r => validRoles.includes(r))) {
       throw createError({
         statusCode: 400,
-        message: 'Ungültige Rolle'
+        message: 'Ungültige Rolle(n)'
       })
     }
 
@@ -32,7 +35,11 @@ export default defineEventHandler(async (event) => {
       })
     }
 
-    user.role = role
+    // Migriere Benutzer falls nötig
+    migrateUserRoles(user)
+    
+    // Setze Rollen
+    user.roles = rolesArray
     const updatedUsers = users.map(u => u.id === userId ? user : u)
     await writeUsers(updatedUsers)