From a1dc6afb2cc8c7848e64ccab588c6f9c986c4060 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Mon, 15 Sep 2025 23:53:49 +0200
Subject: [PATCH] =?UTF-8?q?=C3=84ndert=20die=20Zugriffskontrolle=20in=20pr?= =?UTF-8?q?edefinedActivityImageController.js=20von=20checkAccess=20zu=20c?= =?UTF-8?q?heckGlobalAccess,=20um=20die=20globale=20Authentifizierung=20f?= =?UTF-8?q?=C3=BCr=20vordefinierte=20Aktivit=C3=A4ten=20zu=20erm=C3=B6glic?= =?UTF-8?q?hen.=20F=C3=BCgt=20die=20Funktion=20checkGlobalAccess=20in=20us?= =?UTF-8?q?erUtils.js=20hinzu,=20die=20die=20Benutzerinformationen=20basie?= =?UTF-8?q?rend=20auf=20dem=20Token=20zur=C3=BCckgibt.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controllers/predefinedActivityImageController.js | 6 +++---
 backend/utils/userUtils.js | 10 ++++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/backend/controllers/predefinedActivityImageController.js b/backend/controllers/predefinedActivityImageController.js
index 3a07fce..9966af7 100644
--- a/backend/controllers/predefinedActivityImageController.js
+++ b/backend/controllers/predefinedActivityImageController.js
@@ -1,6 +1,6 @@
 import PredefinedActivity from '../models/PredefinedActivity.js';
 import PredefinedActivityImage from '../models/PredefinedActivityImage.js';
-import { checkAccess } from '../utils/userUtils.js';
+import { checkGlobalAccess } from '../utils/userUtils.js';
 import path from 'path';
 import fs from 'fs';
 import sharp from 'sharp';
@@ -9,7 +9,7 @@ export const uploadPredefinedActivityImage = async (req, res) => {
 try {
 const { id } = req.params; // predefinedActivityId
 const { authcode: userToken } = req.headers;
- await checkAccess(userToken); // Club-Kontext ist hier nicht zwingend, falls gewünscht kann erweitert werden
+ await checkGlobalAccess(userToken); // Predefined Activities sind global, keine Club-Zugriffskontrolle nötig
 const activity = await PredefinedActivity.findByPk(id);
 if (!activity) {
@@ -54,7 +54,7 @@ export const deletePredefinedActivityImage = async (req, res) => {
 try {
 const { id, imageId } = req.params; // predefinedActivityId, imageId
 const { authcode: userToken } = req.headers;
- await checkAccess(userToken);
+ await checkGlobalAccess(userToken);
 const activity = await PredefinedActivity.findByPk(id);
 if (!activity) {
diff --git a/backend/utils/userUtils.js b/backend/utils/userUtils.js
index 81608a8..3980280 100644
--- a/backend/utils/userUtils.js
+++ b/backend/utils/userUtils.js
@@ -70,3 +70,13 @@ export const checkAccess = async (userToken, clubId) => {
 throw error;
 }
 };
+
+export const checkGlobalAccess = async (userToken) => {
+ try {
+ const user = await getUserByToken(userToken);
+ return user; // Einfach den User zurückgeben, da globale Zugriffe nur Authentifizierung benötigen
+ } catch (error) {
+ console.log(error);
+ throw error;
+ }
+};
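Review bot: The new `await checkGlobalAccess(userToken);` in uploadPredefinedActivityImage only establishes that the token belongs to some user, and its return value is discarded, so nothing visible in this hunk limits who may add images to a predefined activity that the comment itself describes as global. The same call in the deletePredefinedActivityImage hunk (`@@ -54,7 +54,7 @@`) has the same gap, and there it guards a destructive operation on data shared by every club. Unless route-level middleware outside this diff already restricts these endpoints, keep the user and gate on a role before the `findByPk` lookup, for example `const user = await checkGlobalAccess(userToken);` followed by `if (!isGlobalEditor(user)) return res.status(403).json({ error: 'forbidden' });`, where `isGlobalEditor` and the response shape are placeholders for whatever permission model and error format the project uses. Both function bodies continue outside their hunks.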
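Review bot: checkGlobalAccess returns whatever `getUserByToken(userToken)` yields without checking it, and both controller call sites in this commit discard the return value, so authentication holds only if getUserByToken throws for a missing, unknown or expired token. getUserByToken is not visible in this hunk; if it can resolve to `null` or `undefined` (for example when the `authcode` header is absent), these endpoints would accept unauthenticated requests. Add an explicit guard after the lookup, `if (!user) { throw new Error('noaccess'); }`, with the constructed message replaced by whatever error the existing checkAccess raises for a rejected token. The try/catch only logs and rethrows; `console.error` would be the conventional channel, and the logged error should not carry the token itself. A short JSDoc stating that the function authenticates but does not authorize would help future callers.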