Enhance permission validation and error handling in permissionController

Updated the getUserPermissions function to include validation for clubId, ensuring it is a valid positive integer. Added error handling to return a 400 status with a descriptive message for invalid club IDs, improving the robustness of the API response.
2025-11-05 16:33:52 +01:00
parent ad99787f75
commit a0d12a895e
2 changed files with 43 additions and 6 deletions
--- a/backend/controllers/permissionController.js
+++ b/backend/controllers/permissionController.js
@@ -8,7 +8,13 @@ export const getUserPermissions = async (req, res) => {
    const { clubId } = req.params;
    const userId = req.user.id;

-    const permissions = await permissionService.getUserClubPermissions(userId, parseInt(clubId));
+    // Validierung: clubId muss eine gültige Zahl sein
+    const parsedClubId = parseInt(clubId, 10);
+    if (isNaN(parsedClubId) || parsedClubId <= 0) {
+      return res.status(400).json({ error: 'Ungültige Club-ID' });
+    }
+
+    const permissions = await permissionService.getUserClubPermissions(userId, parsedClubId);

    if (!permissions) {
      return res.status(404).json({ error: 'Keine Berechtigungen gefunden' });
--- a/backend/services/memberTransferService.js
+++ b/backend/services/memberTransferService.js
@@ -74,9 +74,14 @@ class MemberTransferService {
                    // Login-Credentials aus gespeicherter Konfiguration laden, falls vorhanden
                    // WICHTIG: Nur wenn keine Credentials übergeben wurden ODER wenn übergebene Credentials leer sind
                    if (!loginCredentials || Object.keys(loginCredentials).length === 0) {
-                        if (savedConfig.loginEndpoint === config.loginEndpoint) {
+                        // Endpoint-Vergleich: Normalisiere beide für Vergleich (entferne führende/schließende Slashes)
+                        const normalizedConfigEndpoint = config.loginEndpoint.replace(/^\/|\/$/g, '');
+                        const normalizedSavedEndpoint = savedConfig.loginEndpoint?.replace(/^\/|\/$/g, '') || '';
+                        
+                        if (normalizedSavedEndpoint === normalizedConfigEndpoint || !savedConfig.loginEndpoint) {
                            const savedCredentials = savedConfig.getLoginCredentials();
                            if (savedCredentials && Object.keys(savedCredentials).length > 0) {
+                                devLog('[transferMembers] Verwende gespeicherte Login-Credentials');
                                loginCredentials = savedCredentials;
                            }
                        }
@@ -93,15 +98,41 @@ class MemberTransferService {
                            where: { clubId }
                        });
                    }
-                    if (savedConfig && savedConfig.loginEndpoint === config.loginEndpoint) {
-                        const savedCredentials = savedConfig.getLoginCredentials();
-                        if (savedCredentials && Object.keys(savedCredentials).length > 0) {
-                            loginCredentials = savedCredentials;
+                    if (savedConfig) {
+                        // Versuche Endpoint zu vergleichen (normalisiert)
+                        const normalizedConfigEndpoint = config.loginEndpoint.replace(/\/$/, '').toLowerCase();
+                        const savedEndpointFull = savedConfig.loginEndpoint 
+                            ? (savedConfig.server?.replace(/\/$/, '') + '/' + savedConfig.loginEndpoint.replace(/^\//, '')).replace(/\/$/, '').toLowerCase()
+                            : null;
+                        
+                        // Wenn Endpoints übereinstimmen ODER wenn kein Endpoint in gespeicherter Config
+                        if (savedEndpointFull === normalizedConfigEndpoint || !savedConfig.loginEndpoint) {
+                            const savedCredentials = savedConfig.getLoginCredentials();
+                            if (savedCredentials && Object.keys(savedCredentials).length > 0) {
+                                devLog('[transferMembers] Verwende gespeicherte Login-Credentials (vollständige URL)');
+                                loginCredentials = savedCredentials;
+                            }
                        }
                    }
                }
            }
            
+            // Fallback: Wenn immer noch keine Credentials, versuche aus gespeicherter Config zu laden
+            if (config.loginEndpoint && (!loginCredentials || Object.keys(loginCredentials).length === 0)) {
+                if (!savedConfig) {
+                    savedConfig = await MemberTransferConfig.findOne({
+                        where: { clubId }
+                    });
+                }
+                if (savedConfig) {
+                    const savedCredentials = savedConfig.getLoginCredentials();
+                    if (savedCredentials && Object.keys(savedCredentials).length > 0) {
+                        devLog('[transferMembers] Fallback: Verwende gespeicherte Login-Credentials');
+                        loginCredentials = savedCredentials;
+                    }
+                }
+            }
+            
            if (config.transferEndpoint && !config.transferEndpoint.startsWith('http')) {
                // Versuche gespeicherte Konfiguration zu finden (falls noch nicht geladen)
                if (!savedConfig) {