feat: Implement role management API endpoints

This commit is contained in:
BibaBot Jarvis 2026-03-16 05:07:56 +00:00
parent 1f3e567d3a
commit fddbb167c2
6 changed files with 355 additions and 35 deletions


@ -16,7 +16,7 @@ app.use(auditLogger);
// Routes
app.use('/auth', authRoutes);
app.use('/roles', rolesRoutes);
app.use('/api/users', rolesRoutes);
// Health check endpoint
app.get('/health', (req, res) => {


@ -0,0 +1,105 @@
const { getUserById, updateUser } = require('../services/user.service');
const { logAudit } = require('../services/audit.service');
/**
* Liefert die Rollen eines Benutzers
* @param {Object} req - Express Request Objekt
* @param {Object} res - Express Response Objekt
*/
exports.getUserRoles = async (req, res) => {
try {
const { userId } = req.params;
const user = await getUserById(userId);
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
res.json(user.roles || []);
} catch (error) {
console.error('Error getting user roles:', error);
res.status(500).json({ error: 'Internal server error' });
}
};
/**
* Ändert die Rollen eines Benutzers
* @param {Object} req - Express Request Objekt
* @param {Object} res - Express Response Objekt
*/
exports.updateUserRoles = async (req, res) => {
try {
const { userId } = req.params;
const { roles } = req.body;
// Validierung der Rollen
if (!Array.isArray(roles)) {
return res.status(400).json({ error: 'Roles must be an array' });
}
// Überprüfe, ob alle Rollen gültig sind
const validRoles = ['user', 'moderator', 'admin'];
for (const role of roles) {
if (!validRoles.includes(role)) {
return res.status(400).json({ error: `Invalid role: ${role}` });
}
}
const user = await getUserById(userId);
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
// Aktualisiere die Rollen
user.roles = roles;
await updateUser(userId, { roles });
// Audit-Eintrag
await logAudit({
actorUserId: req.user?.id || 'system',
action: 'USER_ROLES_UPDATE',
targetType: 'user',
targetId: userId,
details: { oldRoles: user.roles, newRoles: roles }
});
res.json({ message: 'Roles updated successfully' });
} catch (error) {
console.error('Error updating user roles:', error);
res.status(500).json({ error: 'Internal server error' });
}
};
/**
* Entfernt alle Rollen eines Benutzers
* @param {Object} req - Express Request Objekt
* @param {Object} res - Express Response Objekt
*/
exports.deleteUserRoles = async (req, res) => {
try {
const { userId } = req.params;
const user = await getUserById(userId);
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
// Entferne alle Rollen
user.roles = [];
await updateUser(userId, { roles: [] });
// Audit-Eintrag
await logAudit({
actorUserId: req.user?.id || 'system',
action: 'USER_ROLES_DELETE',
targetType: 'user',
targetId: userId,
details: { oldRoles: user.roles, newRoles: [] }
});
res.json({ message: 'Roles deleted successfully' });
} catch (error) {
console.error('Error deleting user roles:', error);
res.status(500).json({ error: 'Internal server error' });
}
};
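Review bot: The audit entries record the wrong previous state: `user.roles = roles;` just before the `updateUser` call overwrites the object that `details.oldRoles` reads a few lines later, so in the USER_ROLES_UPDATE entry `oldRoles` and `newRoles` are always identical, and in deleteUserRoles `oldRoles` is always `[]`. Capture the prior value before the assignment, `const previousRoles = [...(user.roles ?? [])];`, and log `details: { oldRoles: previousRoles, newRoles: roles }` (the same in deleteUserRoles with `newRoles: []`). The `actorUserId: req.user?.id || 'system'` fallback hides a missing actor on endpoints the routes file protects with requireAdmin; since that middleware already rejects unauthenticated requests, returning 401 here instead of attributing the change to 'system' keeps the audit trail free of synthetic actors. The allowed role list `['user', 'moderator', 'admin']` is a local literal inside updateUserRoles; if the middleware in this commit keys permissions on the same names, hoisting it to one exported constant keeps the two from drifting apart.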


@ -1,23 +1,42 @@
/**
* Middleware to check if the user has the required role(s)
* @param {string[]} requiredRoles - Array of required roles
* @returns {function} Express middleware function
* Middleware zur Überprüfung der Benutzerrolle
* @param {string[]} requiredRoles - Die erforderlichen Rollen
* @returns {function} Express Middleware Funktion
*/
export const requireRole = (requiredRoles) => {
exports.requireRole = (requiredRoles) => {
return (req, res, next) => {
// Get the user's role from the JWT token (assuming it's in req.user.role)
const userRole = req.user?.role;
// If no user role is found, deny access
if (!userRole) {
return res.status(401).json({ error: 'Unauthorized' });
// Wenn kein Benutzer authentifiziert ist
if (!req.user) {
return res.status(401).json({ error: 'Authentication required' });
}
// Check if the user has at least one of the required roles
if (requiredRoles.includes(userRole)) {
next(); // User has the required role, proceed to the next middleware/route
} else {
return res.status(403).json({ error: 'Forbidden' });
// Überprüfe, ob der Benutzer eine der erforderlichen Rollen hat
const hasRequiredRole = requiredRoles.some(role => req.user.role.includes(role));
if (!hasRequiredRole) {
return res.status(403).json({ error: 'Insufficient permissions' });
}
next();
};
};
/**
* Middleware zur Überprüfung, ob der Benutzer Admin ist
* @param {Object} req - Express Request Objekt
* @param {Object} res - Express Response Objekt
* @param {function} next - Nächste Middleware Funktion
*/
exports.requireAdmin = (req, res, next) => {
exports.requireRole(['admin'])(req, res, next);
};
/**
* Middleware zur Überprüfung, ob der Benutzer Moderator ist
* @param {Object} req - Express Request Objekt
* @param {Object} res - Express Response Objekt
* @param {function} next - Nächste Middleware Funktion
*/
exports.requireModerator = (req, res, next) => {
exports.requireRole(['moderator', 'admin'])(req, res, next);
};
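Review bot: `req.user.role.includes(role)` in requireRole throws a TypeError when the authenticated principal has no `role` property, which surfaces as a 500 rather than a 403; the `if (!req.user)` guard above it does not cover that case. If `role` is a string, `String.prototype.includes` does substring matching rather than exact comparison (with the three names this commit defines no pair collides, but any future role containing another's name would), and the controller added in the same commit persists the assignment under `roles` as an array, so the claim name looks inconsistent — confirm which field the token actually carries. Normalise to an array and compare exactly: `const userRoles = [].concat(req.user.roles ?? req.user.role ?? []);` followed by `const hasRequiredRole = requiredRoles.some((role) => userRoles.includes(role));`. If req.user is still populated from the token as the removed comment assumed, role changes made through the new endpoints only take effect once a new token is issued; the JSDoc on requireRole should say so.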


@ -0,0 +1,96 @@
const express = require('express');
const router = express.Router();
const { requireAdmin } = require('../middleware/role.middleware');
const { getUserRoles, updateUserRoles, deleteUserRoles } = require('../controllers/roles.controller');
/**
* @swagger
* /api/users/{userId}/roles:
* get:
* summary: Liefert die Rollen eines Benutzers
* tags: [Roles]
* parameters:
* - in: path
* name: userId
* required: true
* schema:
* type: string
* description: Die ID des Benutzers
* responses:
* 200:
* description: Die Rollen des Benutzers
* content:
* application/json:
* schema:
* type: array
* items:
* type: string
* 404:
* description: Benutzer nicht gefunden
* 500:
* description: Interner Serverfehler
*/
router.get('/:userId/roles', getUserRoles);
/**
* @swagger
* /api/users/{userId}/roles:
* put:
* summary: Ändert die Rollen eines Benutzers
* tags: [Roles]
* parameters:
* - in: path
* name: userId
* required: true
* schema:
* type: string
* description: Die ID des Benutzers
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: array
* items:
* type: string
* description: Die neuen Rollen des Benutzers
* responses:
* 200:
* description: Rollen erfolgreich aktualisiert
* 400:
* description: Ungültige Rollen
* 403:
* description: Keine Berechtigung
* 404:
* description: Benutzer nicht gefunden
* 500:
* description: Interner Serverfehler
*/
router.put('/:userId/roles', requireAdmin, updateUserRoles);
/**
* @swagger
* /api/users/{userId}/roles:
* delete:
* summary: Entfernt alle Rollen eines Benutzers
* tags: [Roles]
* parameters:
* - in: path
* name: userId
* required: true
* schema:
* type: string
* description: Die ID des Benutzers
* responses:
* 200:
* description: Rollen erfolgreich entfernt
* 403:
* description: Keine Berechtigung
* 404:
* description: Benutzer nicht gefunden
* 500:
* description: Interner Serverfehler
*/
router.delete('/:userId/roles', requireAdmin, deleteUserRoles);
module.exports = router;
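Review bot: `router.get('/:userId/roles', getUserRoles)` has no authentication or authorization middleware while the PUT and DELETE handlers on the same path use requireAdmin, so anyone who can reach the API can read the role assignment of any user id; its swagger block lists no 401/403 responses either, which reads as an oversight rather than a deliberately public endpoint. Add at least an authenticated check — `router.get('/:userId/roles', requireAdmin, getUserRoles);` if only admins may read role assignments, or a requireRole variant that also admits a user reading their own id. The PUT swagger requestBody describes a bare JSON array of strings, but the controller reads `const { roles } = req.body;`, so the documented schema should be an object with a `roles` array property. The PUT and DELETE response lists also omit the 401 that requireRole returns for unauthenticated requests.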