56 lines
1.4 KiB
JavaScript
56 lines
1.4 KiB
JavaScript
import { getUserFromToken, readUsers, writeUsers, hasAnyRole, migrateUserRoles } from '../../../utils/auth.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const token = getCookie(event, 'auth_token')
|
|
const currentUser = await getUserFromToken(token)
|
|
|
|
if (!currentUser || !hasAnyRole(currentUser, 'admin')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Zugriff verweigert'
|
|
})
|
|
}
|
|
|
|
const body = await readBody(event)
|
|
const { userId, roles } = body
|
|
|
|
const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter']
|
|
const rolesArray = Array.isArray(roles) ? roles : (roles ? [roles] : ['mitglied'])
|
|
|
|
if (!rolesArray.every(r => validRoles.includes(r))) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Ungültige Rolle(n)'
|
|
})
|
|
}
|
|
|
|
const users = await readUsers()
|
|
const user = users.find(u => u.id === userId)
|
|
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
message: 'Benutzer nicht gefunden'
|
|
})
|
|
}
|
|
|
|
// Migriere Benutzer falls nötig
|
|
migrateUserRoles(user)
|
|
|
|
// Setze Rollen
|
|
user.roles = rolesArray
|
|
const updatedUsers = users.map(u => u.id === userId ? user : u)
|
|
await writeUsers(updatedUsers)
|
|
|
|
return {
|
|
success: true,
|
|
message: 'Rolle wurde aktualisiert'
|
|
}
|
|
} catch (error) {
|
|
console.error('Fehler beim Aktualisieren der Rolle:', error)
|
|
throw error
|
|
}
|
|
})
|
|
|