From 278f7258b7bdfc38fbfbdd06685f96ea598ec1f5 Mon Sep 17 00:00:00 2001
From: Richter
Date: Mon, 13 May 2019 10:40:29 +0200
Subject: [PATCH] =?UTF-8?q?Funktion=20f=C3=BCr=20Admin-Pr=C3=BCfung=20erwe?= =?UTF-8?q?itert?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/auth.js | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/server/auth.js b/server/auth.js
index f4ecba4..4f12bbe 100644
--- a/server/auth.js
+++ b/server/auth.js
@@ -100,15 +100,20 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
 };
 function ensureAdmin(req, res, next) {
- db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(err, row) {
- if ((req.isAuthenticated()) && (row.permissions == "admin")) {
- // req.user is available for use here
- return next();
- };
- var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
- err.status = 401;
- next(err);
- });
+ if (req.isAuthenticated()) {
+ db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(err, row) {
+ if (row.permissions == "admin") {
+ // req.user is available for use here
+ return next();
+ };
+ var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
+ err.status = 401;
+ next(err);
+ });
+ // denied. redirect to login
+ var err = new Error('Sie sind nicht angemeldet!');
+ err.status = 401;
+ next(err);
 };
 function createUser(req, res) {
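Review bot: The `if (req.isAuthenticated()) {` opened at the top of ensureAdmin is never closed before the `// denied. redirect to login` block, so as far as the hunk shows the 'Sie sind nicht angemeldet!' error is passed to `next` synchronously for every authenticated request, the `db.get` callback then calls `next` a second time (for an admin that still runs the protected handler after the error response), and an unauthenticated request reaches neither call. Put `} else {` in front of the `// denied` comment and a closing `}` after its `next(err);`, so that exactly one branch runs and the hunk's trailing `};` closes the function again rather than the `if`. The callback also ignores its `err` argument and dereferences `row` unchecked, so a failed query or a missing user row throws inside the callback instead of denying access; guard it with `if (err || !row || row.permissions !== "admin")` and deny in that branch. Using status 403 for the authenticated-but-not-admin case would let clients and logs distinguish it from the not-logged-in 401.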