e033d716dd
- Implemented CmsViewModel to manage CMS data loading and state. - Created MemberAreaDetailScreens for displaying member information and news. - Added MembersViewModel and MemberNewsViewModel for managing member data and news. - Developed MemberAreaScreen to provide navigation and display member-related options. - Introduced ProfileScreen and ProfileViewModel for user profile management. - Implemented state management for loading, error handling, and form updates across screens.
56 lines
1.3 KiB
JavaScript
56 lines
1.3 KiB
JavaScript
import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
|
|
import { deleteNews } from '../utils/news.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Nicht authentifiziert.'
|
|
})
|
|
}
|
|
|
|
const decoded = verifyToken(token)
|
|
|
|
if (!decoded) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Ungültiges Token.'
|
|
})
|
|
}
|
|
|
|
const user = await getUserById(decoded.id)
|
|
|
|
// Only admin and vorstand can delete news
|
|
if (!user || !hasAnyRole(user, 'admin', 'vorstand')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Keine Berechtigung zum Löschen von News.'
|
|
})
|
|
}
|
|
|
|
// Get ID from query params for DELETE requests
|
|
const query = getQuery(event)
|
|
const id = query.id
|
|
|
|
if (!id) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'News-ID ist erforderlich.'
|
|
})
|
|
}
|
|
|
|
await deleteNews(id)
|
|
|
|
return {
|
|
success: true,
|
|
message: 'News erfolgreich gelöscht.'
|
|
}
|
|
} catch (error) {
|
|
console.error('Fehler beim Löschen der News:', error)
|
|
throw error
|
|
}
|
|
})
|