diff --git a/pages/cms/benutzer.vue b/pages/cms/benutzer.vue
index 61912ee..49b7131 100644
--- a/pages/cms/benutzer.vue
+++ b/pages/cms/benutzer.vue
@@ -143,12 +143,28 @@
- {{ user.email }}
+
+ {{ user.email || '-' }}
+
+
+ Nur für Vorstand
+
|
- {{ user.phone || '-' }}
+
+ {{ user.phone || '-' }}
+
+
+ Nur für Vorstand
+
|
@@ -307,6 +323,13 @@
import { ref, computed, onMounted } from 'vue'
import { AlertCircle, Check, X } from 'lucide-vue-next'
+const authStore = useAuthStore()
+
+const canViewContactData = computed(() => {
+ // Kontaktdaten nur für Vorstand sichtbar
+ return authStore.hasRole('vorstand')
+})
+
const allUsers = ref([])
const currentUserId = ref(null)
const successMessage = ref('')
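Review bot: The comment on `canViewContactData` should state that this flag only controls rendering and is not the access decision. The API handlers changed in this same commit omit email and phone for callers without the 'vorstand' role. Suggested wording: `// UI hint only: the server already omits contact data for non-Vorstand callers; never rely on this flag for access control`. The role literal 'vorstand' is now repeated here and in both server handlers, so a shared constant would keep the three checks from drifting apart.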
diff --git a/server/api/cms/users/list.get.js b/server/api/cms/users/list.get.js
index bb801f8..8bb72ec 100644
--- a/server/api/cms/users/list.get.js
+++ b/server/api/cms/users/list.get.js
@@ -1,4 +1,4 @@
-import { getUserFromToken, readUsers, hasAnyRole, migrateUserRoles } from '../../../utils/auth.js'
+import { getUserFromToken, readUsers, hasAnyRole, hasRole, migrateUserRoles } from '../../../utils/auth.js'
export default defineEventHandler(async (event) => {
try {
@@ -13,18 +13,24 @@ export default defineEventHandler(async (event) => {
}
const users = await readUsers()
-
- // Return users without passwords
+
+ const isVorstand = hasRole(currentUser, 'vorstand')
+
+ // Return users without Passwörter; Kontaktdaten nur für Vorstand
const safeUsers = users.map(u => {
const migrated = migrateUserRoles({ ...u })
const roles = Array.isArray(migrated.roles) ? migrated.roles : (migrated.role ? [migrated.role] : ['mitglied'])
+
+ const email = isVorstand ? u.email : undefined
+ const phone = isVorstand ? (u.phone || '') : undefined
+
return {
id: u.id,
- email: u.email,
+ email,
name: u.name,
roles: roles,
role: roles[0] || 'mitglied', // Rückwärtskompatibilität
- phone: u.phone || '',
+ phone,
active: u.active,
created: u.created,
lastLogin: u.lastLogin
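Review bot: `isVorstand` is computed from `currentUser` as it comes back from the token lookup, while every listed user is passed through `migrateUserRoles` before its roles are read. If `hasRole` only inspects the `roles` array and the lookup does not migrate legacy records (neither is visible in this hunk), a board member stored in the old single-`role` format would be treated as non-Vorstand. That fails closed, so nothing leaks, but it is worth confirming or applying the same migration first, e.g. `const isVorstand = hasRole(migrateUserRoles({ ...currentUser }), 'vorstand')`. The comment above `safeUsers` also mixes English and German; `// Never return password fields; email and phone only for Vorstand` reads more cleanly. The handler starts and ends outside the hunk.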
diff --git a/server/api/members.get.js b/server/api/members.get.js
index 6ce1b67..3a5fedd 100644
--- a/server/api/members.get.js
+++ b/server/api/members.get.js
@@ -1,4 +1,4 @@
-import { verifyToken } from '../utils/auth.js'
+import { verifyToken, getUserFromToken, hasRole } from '../utils/auth.js'
import { readMembers } from '../utils/members.js'
import { readUsers, migrateUserRoles } from '../utils/auth.js'
@@ -22,6 +22,8 @@ export default defineEventHandler(async (event) => {
})
}
+ const currentUser = await getUserFromToken(token)
+
// Get manual members and registered users
const manualMembers = await readMembers()
const registeredUsers = await readUsers()
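Review bot: `currentUser` feeds the later role decision without a null check after `getUserFromToken(token)`. The guard above this line is only partly visible, but the imports suggest it relies on `verifyToken`. If the token is still valid while the account has been deleted or deactivated, the lookup may return nothing and the outcome then depends on how `hasRole` treats an undefined user. Rejecting explicitly keeps the behaviour defined: `if (!currentUser) throw createError({ statusCode: 401 })`.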
@@ -141,9 +143,20 @@ export default defineEventHandler(async (event) => {
// Sort by name
mergedMembers.sort((a, b) => a.name.localeCompare(b.name))
+ // Serverseitiger Datenschutz: Kontaktdaten nur für Vorstand
+ const isVorstand = hasRole(currentUser, 'vorstand')
+ const safeMembers = isVorstand
+ ? mergedMembers
+ : mergedMembers.map(m => ({
+ ...m,
+ email: undefined,
+ phone: undefined,
+ address: undefined
+ }))
+
return {
success: true,
- members: mergedMembers
+ members: safeMembers
}
} catch (error) {
console.error('Fehler beim Abrufen der Mitgliederliste:', error)
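Review bot: The non-Vorstand branch redacts by deny-list: it spreads every property of the merged member and then blanks `email`, `phone` and `address`. Any other personal field on the merged objects is still returned (their construction is outside this hunk), and a field added later would be exposed by default. The users list handler in this same commit builds its response from an explicit set of fields. Doing the same here, by mapping each member to an object that names only the public fields such as `name`, makes the restriction fail closed. A test that requests the list as a non-Vorstand user and asserts the exact set of keys in the serialized response would catch regressions.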
|