feat(club): enhance club access routes and permissions handling

- Reorganized club-related routes for better clarity and access control, ensuring specific routes are prioritized.
- Updated the store to reset user-specific permissions upon token setting, improving security.
- Modified the ClubView component to handle access checks more effectively, allowing for fallback club data when access is denied.

backend/routes/clubRoutes.js

@@ -7,11 +7,12 @@ const router = express.Router();
 
 router.get('/', authenticate, getClubs);
 router.post('/', authenticate, addClub);
-router.put('/:clubid/settings', authenticate, updateClubSettings);
-router.get('/:clubid', authenticate, getClub);
+// Spezifische Routen VOR generischem /:clubid
 router.get('/request/:clubid', authenticate, requestClubAccess);
 router.get('/pending/:clubid', authenticate, authorize('approvals', 'read'), getPendingApprovals);
 router.post('/approve', authenticate, authorize('approvals', 'write'), approveClubAccess);
-router.post('/reject', authenticate, authorize('approvals', 'write'), rejectClubAccess);  
+router.post('/reject', authenticate, authorize('approvals', 'write'), rejectClubAccess);
+router.put('/:clubid/settings', authenticate, updateClubSettings);
+router.get('/:clubid', authenticate, getClub);
 
 export default router;

frontend/src/store.js

@@ -54,6 +54,9 @@ const store = createStore({
       }
       state.currentClub = null;
       safeSessionStorage.removeItem('currentClub');
+      // Permissions sind user-spezifisch -> immer zurücksetzen, wenn Token gesetzt wird
+      state.permissions = {};
+      safeLocalStorage.removeItem('clubPermissions');
     },
     setUsername(state, username) {
       state.username = username;
@@ -145,6 +148,7 @@ const store = createStore({
     async login({ commit }, { token, username }) {
       commit('setToken', token);
       commit('setUsername', username);
+      commit('clearPermissions');
       const response = await apiClient.get('/clubs');
       commit('setClubsMutation', response.data);
     },

frontend/src/views/ClubView.vue

@@ -124,9 +124,16 @@ export default {
         async loadClub() {
             try {
                 const clubId = this.getClubId();
+                // Wenn keine Berechtigung: Clubnamen aus der Liste verwenden, kein /clubs/:id Request
+                if (!this.canAccessClub()) {
+                    const club = this.clubs.find(c => String(c.id) === String(clubId));
+                    this.club = club || { name: '' };
+                    this.accessAllowed = false;
+                    return;
+                }
                 const response = await apiClient.get(`/clubs/${clubId}`);
                 this.club = response.data || { name: '' };
-                this.accessAllowed = this.canAccessClub();
+                this.accessAllowed = true;
             } catch (error) {
                 this.accessAllowed = false;
                 const message = safeErrorMessage(error, this.$t('club.accessDenied'));