49 lines
1.2 KiB
JavaScript
49 lines
1.2 KiB
JavaScript
import { getUserFromToken, readUsers, writeUsers, hasAnyRole } from '../../../utils/auth.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const token = getCookie(event, 'auth_token')
|
|
const currentUser = await getUserFromToken(token)
|
|
|
|
if (!currentUser || !hasAnyRole(currentUser, 'admin')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Zugriff verweigert'
|
|
})
|
|
}
|
|
|
|
const body = await readBody(event)
|
|
const { userId } = body
|
|
|
|
if (userId === currentUser.id) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Sie können sich nicht selbst deaktivieren'
|
|
})
|
|
}
|
|
|
|
const users = await readUsers()
|
|
const user = users.find(u => u.id === userId)
|
|
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
message: 'Benutzer nicht gefunden'
|
|
})
|
|
}
|
|
|
|
user.active = false
|
|
const updatedUsers = users.map(u => u.id === userId ? user : u)
|
|
await writeUsers(updatedUsers)
|
|
|
|
return {
|
|
success: true,
|
|
message: 'Benutzer wurde deaktiviert'
|
|
}
|
|
} catch (error) {
|
|
console.error('Fehler beim Deaktivieren:', error)
|
|
throw error
|
|
}
|
|
})
|
|
|