Füge Unterstützung für Kontaktanfragen hinzu, einschließlich neuer Routen und Berechtigungen für Trainer und Vorstand. Aktualisiere E-Mail-Versandlogik, um Anfragen an alle relevanten Empfänger weiterzuleiten.

server/api/cms/contact-requests.get.js

@@ -0,0 +1,17 @@
+import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
+import { readContactRequests } from '../../utils/contact-requests.js'
+
+export default defineEventHandler(async (event) => {
+  const token = getCookie(event, 'auth_token')
+  const currentUser = token ? await getUserFromToken(token) : null
+
+  if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: 'Zugriff verweigert'
+    })
+  }
+
+  const requests = await readContactRequests()
+  return requests
+})

server/api/cms/contact-requests/[id]/reply.post.js

@@ -0,0 +1,75 @@
+import nodemailer from 'nodemailer'
+import { getUserFromToken, hasAnyRole } from '../../../../utils/auth.js'
+import { addContactReply, readContactRequests } from '../../../../utils/contact-requests.js'
+
+function createTransporter() {
+  const smtpUser = process.env.SMTP_USER
+  const smtpPass = process.env.SMTP_PASS || process.env.EMAIL_PASSWORD
+  if (!smtpUser || !smtpPass) return null
+
+  return nodemailer.createTransport({
+    host: process.env.SMTP_HOST || 'smtp.gmail.com',
+    port: Number(process.env.SMTP_PORT || 587),
+    secure: process.env.SMTP_SECURE === 'true',
+    auth: { user: smtpUser, pass: smtpPass }
+  })
+}
+
+export default defineEventHandler(async (event) => {
+  const token = getCookie(event, 'auth_token')
+  const currentUser = token ? await getUserFromToken(token) : null
+
+  if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: 'Zugriff verweigert'
+    })
+  }
+
+  const body = await readBody(event)
+  const replyMessage = String(body?.message || '').trim()
+  if (!replyMessage) {
+    throw createError({ statusCode: 400, statusMessage: 'Antworttext fehlt' })
+  }
+
+  const requestId = getRouterParam(event, 'id')
+  if (!requestId) {
+    throw createError({ statusCode: 400, statusMessage: 'Anfrage-ID fehlt' })
+  }
+
+  const all = await readContactRequests()
+  const target = all.find((r) => r.id === requestId)
+  if (!target) {
+    throw createError({ statusCode: 404, statusMessage: 'Anfrage nicht gefunden' })
+  }
+
+  const transporter = createTransporter()
+  if (!transporter) {
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'SMTP ist nicht konfiguriert'
+    })
+  }
+
+  const originalSubject = target.subject || 'Kontaktanfrage'
+  const responseSubject = `Aw: ${originalSubject}`
+
+  await transporter.sendMail({
+    from: `"Harheimer TC" <${process.env.SMTP_FROM || process.env.SMTP_USER}>`,
+    to: target.email,
+    subject: responseSubject,
+    text: replyMessage
+  })
+
+  const responderEmail = currentUser.email || ''
+  const updated = await addContactReply({
+    requestId,
+    replyText: replyMessage,
+    responderEmail
+  })
+
+  return {
+    success: true,
+    request: updated
+  }
+})

server/api/cms/users/update-role.post.js

@@ -16,7 +16,7 @@ export default defineEventHandler(async (event) => {
     const body = await readBody(event)
     const { userId, roles } = body
 
-    const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter']
+    const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter', 'trainer']
     const rolesArray = Array.isArray(roles) ? roles : (roles ? [roles] : ['mitglied'])
     
     if (!rolesArray.every(r => validRoles.includes(r))) {