Add internal news system with role-based write permissions

2025-10-21 14:47:00 +02:00
parent d21c96de07
commit cf2855be83
6 changed files with 526 additions and 0 deletions
--- a/server/api/news.delete.js
+++ b/server/api/news.delete.js
@@ -0,0 +1,55 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { deleteNews } from '../utils/news.js'
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    // Only admin and vorstand can delete news
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Keine Berechtigung zum Löschen von News.'
+      })
+    }
+
+    const body = await readBody(event)
+    const { id } = body
+
+    if (!id) {
+      throw createError({
+        statusCode: 400,
+        message: 'News-ID ist erforderlich.'
+      })
+    }
+
+    await deleteNews(id)
+
+    return {
+      success: true,
+      message: 'News erfolgreich gelöscht.'
+    }
+  } catch (error) {
+    console.error('Fehler beim Löschen der News:', error)
+    throw error
+  }
+})
+