Add user management system with approval workflow and role assignment

2025-10-21 11:35:02 +02:00
parent f058516a3d
commit 96ff9e5d44
59 changed files with 1145 additions and 361 deletions
--- a/server/api/cms/users/update-role.post.js
+++ b/server/api/cms/users/update-role.post.js
@@ -0,0 +1,48 @@
+import { getUserFromToken, readUsers, writeUsers } from '../../../utils/auth.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+    const currentUser = await getUserFromToken(token)
+
+    if (!currentUser || (currentUser.role !== 'admin' && currentUser.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Zugriff verweigert'
+      })
+    }
+
+    const body = await readBody(event)
+    const { userId, role } = body
+
+    if (!['mitglied', 'vorstand', 'admin'].includes(role)) {
+      throw createError({
+        statusCode: 400,
+        message: 'Ungültige Rolle'
+      })
+    }
+
+    const users = await readUsers()
+    const user = users.find(u => u.id === userId)
+
+    if (!user) {
+      throw createError({
+        statusCode: 404,
+        message: 'Benutzer nicht gefunden'
+      })
+    }
+
+    user.role = role
+    const updatedUsers = users.map(u => u.id === userId ? user : u)
+    await writeUsers(updatedUsers)
+
+    return {
+      success: true,
+      message: 'Rolle wurde aktualisiert'
+    }
+  } catch (error) {
+    console.error('Fehler beim Aktualisieren der Rolle:', error)
+    throw error
+  }
+})
+