diff --git a/backend/controllers/predefinedActivityImageController.js b/backend/controllers/predefinedActivityImageController.js index 3a07fce..9966af7 100644 --- a/backend/controllers/predefinedActivityImageController.js +++ b/backend/controllers/predefinedActivityImageController.js @@ -1,6 +1,6 @@ import PredefinedActivity from '../models/PredefinedActivity.js'; import PredefinedActivityImage from '../models/PredefinedActivityImage.js'; -import { checkAccess } from '../utils/userUtils.js'; +import { checkGlobalAccess } from '../utils/userUtils.js'; import path from 'path'; import fs from 'fs'; import sharp from 'sharp'; @@ -9,7 +9,7 @@ export const uploadPredefinedActivityImage = async (req, res) => { try { const { id } = req.params; // predefinedActivityId const { authcode: userToken } = req.headers; - await checkAccess(userToken); // Club-Kontext ist hier nicht zwingend, falls gewünscht kann erweitert werden + await checkGlobalAccess(userToken); // Predefined Activities sind global, keine Club-Zugriffskontrolle nötig const activity = await PredefinedActivity.findByPk(id); if (!activity) { @@ -54,7 +54,7 @@ export const deletePredefinedActivityImage = async (req, res) => { try { const { id, imageId } = req.params; // predefinedActivityId, imageId const { authcode: userToken } = req.headers; - await checkAccess(userToken); + await checkGlobalAccess(userToken); const activity = await PredefinedActivity.findByPk(id); if (!activity) { diff --git a/backend/utils/userUtils.js b/backend/utils/userUtils.js index 81608a8..3980280 100644 --- a/backend/utils/userUtils.js +++ b/backend/utils/userUtils.js @@ -70,3 +70,13 @@ export const checkAccess = async (userToken, clubId) => { throw error; } }; + +export const checkGlobalAccess = async (userToken) => { + try { + const user = await getUserByToken(userToken); + return user; // Einfach den User zurückgeben, da globale Zugriffe nur Authentifizierung benötigen + } catch (error) { + console.log(error); + throw error; + } +};