From 6a19e6fc0dbd1f30ba88bff8ba730596fe5d8486 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9ESophia?= <„sophia.haupt@mni.thm.de“>
Date: Wed, 29 Jan 2025 11:32:34 +0100
Subject: [PATCH] admin repereiert

---
 userman_all/server/src/server.ts | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/userman_all/server/src/server.ts b/userman_all/server/src/server.ts
index 0d7546d..4f4ee33 100644
--- a/userman_all/server/src/server.ts
+++ b/userman_all/server/src/server.ts
@@ -102,6 +102,16 @@ function isLoggedIn(req: Request, res: Response, next: NextFunction) {
   }
 }
 
+function isLoggedAdmin(req: Request, res: Response, next: NextFunction) {
+  if (req.session.user != null && req.session.user.role === 'admin') {
+    next();
+  } else {
+    res.status(401).send({
+      message: 'sorry, du bist kein Admin :(',
+    })
+  }
+}
+
 //HTTP-Routen
 /*****************************************************************************
  * HTTP ROUTES: LOGIN                                                        *
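Review bot: isLoggedAdmin answers 401 for every rejection, including a caller who is logged in but whose session role is not 'admin'; for an authenticated principal that merely lacks the role the conventional status is 403, and 401 should be kept for the no-session case so the two outcomes stay distinguishable for the client and in logs. Because the later hunks replace isLoggedIn with isLoggedAdmin instead of chaining both, this function is now the only gate on those routes and has to cover the unauthenticated case itself. The `})` closing the send() call also lacks the semicolon used elsewhere in the hunk. The rewritten body is below.
```typescript
function isLoggedAdmin(req: Request, res: Response, next: NextFunction) {
  // 401: no authenticated session at all
  if (req.session.user == null) {
    res.status(401).send({ message: 'nicht eingeloggt' });
    return;
  }
  // 403: authenticated, but the session's role is not 'admin'
  if (req.session.user.role !== 'admin') {
    res.status(403).send({ message: 'sorry, du bist kein Admin :(' });
    return;
  }
  next();
}
```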
@@ -605,7 +615,7 @@ app.put('/user', isLoggedIn, async (req: Request, res: Response): Promise<void>
 });
 
 // update route admin
-app.put('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.put('/user/:userId', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   console.log(req.body);
   // Read data from request
   const userId: number = parseInt(req.params.userId);
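Review bot: `console.log(req.body);` at the top of the admin update handler writes the whole request body to stdout; on a user-update route that body is likely to carry a password or other personal data, which would then sit in plain text in whatever captures the process output — I would drop the line or log only `req.params.userId`. Separately, `const userId: number = parseInt(req.params.userId);` yields NaN for a non-numeric path segment and, as far as the hunk shows, the handler continues with it; a guard such as `if (Number.isNaN(userId)) { res.status(400).send({ message: 'ungültige userId' }); return; }` directly after the parse rejects that early. The same unguarded parse appears in the delete hunk (`app.delete('/user/:userId', isLoggedAdmin, ...)`). Both handler bodies continue outside their hunks, so I cannot tell whether either case is handled further down.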
@@ -690,7 +700,7 @@ app.put('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promis
  *     }
  */
 
-app.delete('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.delete('/user/:userId', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   // Read data from request
   const userId: number = parseInt(req.params.userId);
   // Delete user
@@ -834,7 +844,7 @@ app.delete('/user', isLoggedIn, async (req: Request, res: Response): Promise<voi
 //stellt sicher, dass nur eingeloggte Benutzer Zugriff auf die Benutzerliste haben.
 // Die Route ruft alle Benutzer aus der Tabelle user in der Datenbank ab.
 // Sie wandelt die Ergebnisse der Datenbank in ein standardisiertes Format (User-Objekte) um.
-app.get('/users', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.get('/users', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   // Send user list to client
   const query: string = 'SELECT * FROM user;';
 
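Review bot: The comment above the route still says it ensures that only logged-in users can reach the user list (`//stellt sicher, dass nur eingeloggte Benutzer Zugriff auf die Benutzerliste haben.`), but the route now runs isLoggedAdmin, so the comment is stale and would mislead the next reader; I would replace it with `// Only admins may access the user list (isLoggedAdmin); fetches every row of the user table and maps it to User objects.`. The query `SELECT * FROM user;` also pulls every column, which presumably includes a stored password hash if the table keeps one; listing only the columns the User object needs keeps such fields from leaving the data layer, though whether the mapping further down already strips them is outside the hunk.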
-- 
GitLab