IBCornelsen/online-energieausweis
1
0
Fork 0
Code Issues 272 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Merge remote-tracking branch 'origin/dev' into dev

Browse Source
This commit is contained in:
Moritz Utcke
2025-06-09 10:43:51 -03:00
parent 19136d475d 3983aabcb2
commit 8791516498
4 changed files with 43 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/pages/api/user/index.ts
View File

@@ -38,7 +38,7 @@ export const POST = defineApiRoute({
if (input.telefon) updateData.telefon = input.telefon;
if (input.verified) updateData.telefon = input.verified;
//Admin may update other users
//Only Admin can update other users
if (user.rolle == Enums.BenutzerRolle.ADMIN && input.id != user.id) {
updateData.id = input.id;
} else if(user.rolle != Enums.BenutzerRolle.ADMIN && input.id != user.id){
@@ -64,9 +64,14 @@ export const GET = defineApiRoute({
email: z.string()
})),
output: z.array(BenutzerSchema),
middleware: adminMiddleware,
middleware: authorizationMiddleware,
async fetch(input, context, admin) {
if ("id" in input) {
//Only Admin can read other users
if (admin.rolle != Enums.BenutzerRolle.ADMIN && input.id != admin.id) {
return;
}
const user = await prisma.benutzer.findUnique({
where: {
id: input.id
@@ -79,6 +84,11 @@ export const GET = defineApiRoute({
return [user];
} else {
//Only admin can read many users
if (admin.rolle != Enums.BenutzerRolle.ADMIN ) {
return;
}
const users = await prisma.benutzer.findMany({
where: {
email: {