From 3efc1e493f5af6b21fcb66fb91a987a3dea22952 Mon Sep 17 00:00:00 2001
From: BibaBot Jarvis
Date: Mon, 16 Mar 2026 07:06:43 +0000
Subject: [PATCH] feat: Add role middleware and update permissions documentation

---
 backend/middleware/role.middleware.js | 51 +++++++++------------------
 1 file changed, 16 insertions(+), 35 deletions(-)

diff --git a/backend/middleware/role.middleware.js b/backend/middleware/role.middleware.js
index 9343775..b21750a 100644
--- a/backend/middleware/role.middleware.js
+++ b/backend/middleware/role.middleware.js
@@ -1,42 +1,23 @@
 /**
- * Middleware zur Überprüfung der Benutzerrolle
- * @param {string[]} requiredRoles - Die erforderlichen Rollen
- * @returns {function} Express Middleware Funktion
+ * Middleware to check if the user has the required role(s)
+ * @param {string[]} requiredRoles - Array of required roles
+ * @returns {function} Express middleware function
 */
-exports.requireRole = (requiredRoles) => {
+export const requireRole = (requiredRoles) => {
 return (req, res, next) => {
- // Wenn kein Benutzer authentifiziert ist
- if (!req.user) {
- return res.status(401).json({ error: 'Authentication required' });
+ // Get the user's role from the JWT token (assuming it's in req.user.role)
+ const userRole = req.user?.role;
+
+ // If no user role is found, deny access
+ if (!userRole) {
+ return res.status(401).json({ error: 'Unauthorized' });
 }
-
- // Überprüfe, ob der Benutzer eine der erforderlichen Rollen hat
- const hasRequiredRole = requiredRoles.some(role => req.user.role.includes(role));
-
- if (!hasRequiredRole) {
- return res.status(403).json({ error: 'Insufficient permissions' });
+
+ // Check if the user has at least one of the required roles
+ if (requiredRoles.includes(userRole)) {
+ next(); // User has the required role, proceed to the next middleware/route
+ } else {
+ return res.status(403).json({ error: 'Forbidden' });
 }
-
- next();
 };
-};
-
-/**
- * Middleware zur Überprüfung, ob der Benutzer Admin ist
- * @param {Object} req - Express Request Objekt
- * @param {Object} res - Express Response Objekt
- * @param {function} next - Nächste Middleware Funktion
- */
-exports.requireAdmin = (req, res, next) => {
- exports.requireRole(['admin'])(req, res, next);
-};
-
-/**
- * Middleware zur Überprüfung, ob der Benutzer Moderator ist
- * @param {Object} req - Express Request Objekt
- * @param {Object} res - Express Response Objekt
- * @param {function} next - Nächste Middleware Funktion
- */
-exports.requireModerator = (req, res, next) => {
- exports.requireRole(['moderator', 'admin'])(req, res, next);
 };
\ No newline at end of file
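Review bot: `requiredRoles.includes(userRole)` is an exact-match check only while `requiredRoles` is really an array; the factory never validates its argument, so a call such as `requireRole('admin')` — an easy slip now that the `requireAdmin`/`requireModerator` wrappers are gone — would run `String.prototype.includes`, a substring test that accepts a role like `'adm'` or `'a'`. Fail closed when the middleware is built rather than at request time: `if (!Array.isArray(requiredRoles)) throw new TypeError('requireRole: requiredRoles must be an array of role names');`. Note also that the removed check tolerated `req.user.role` being an array of roles, whereas the new one answers 403 to every such request; if any token issuer still emits an array (presumed — verify against the auth middleware that sets `req.user`), normalise with `const roles = [].concat(req.user?.role ?? []);` and test `roles.some((r) => requiredRoles.includes(r))`. Finally, `return next();` would keep the success branch symmetric with the two `return res.status(...)` branches.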