From 5e5fcdd9c08a3424c80cf7bee978a81940e1cc0d Mon Sep 17 00:00:00 2001
From: Robert Richter
Date: Sat, 11 May 2019 22:30:24 +0200
Subject: [PATCH] Funktion zur Erkennung von Admin-Rechten angelegt

---
 server/auth.js | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/server/auth.js b/server/auth.js
index 25415ba..f4ecba4 100644
--- a/server/auth.js
+++ b/server/auth.js
@@ -92,13 +92,24 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
 if (req.isAuthenticated()) {
 // req.user is available for use here
 return next();
- }
+ };
 // denied. redirect to login
- res.redirect('/login')
- }
+ var err = new Error('Sie sind nicht angemeldet!');
+ err.status = 401;
+ next(err);
+ };
 
- //TODO: ensureAuthenticated für admin-user erstellen
- //-> req.user && req.user.permissions == "admin"
+ function ensureAdmin(req, res, next) {
+ db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(err, row) {
+ if ((req.isAuthenticated()) && (row.permissions == "admin")) {
+ // req.user is available for use here
+ return next();
+ };
+ var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
+ err.status = 401;
+ next(err);
+ });
+ };
 
 function createUser(req, res) {
 db.get('SELECT user FROM waip_users WHERE user = ?', req.body.username, function(err, row) {
@@ -192,6 +203,7 @@ module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
 return {
 ensureAuthenticated: ensureAuthenticated,
+ ensureAdmin:ensureAdmin,
 createUser: createUser,
 deleteUser: deleteUser,
 editUser: editUser
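Review bot: In the new `ensureAdmin`, `req.user.id` is read to build the `db.get` call before `req.isAuthenticated()` is ever checked, so an unauthenticated request (no `req.user`) throws a TypeError synchronously and surfaces as a generic server error instead of the intended 401; the authentication check must run before the query. Inside the callback the `err` parameter from `db.get` is immediately shadowed by `var err = new Error(...)` and never inspected, and a missing row (`row` undefined) makes `row.permissions` throw as well, so a database failure or an unknown user id cannot reach the error handler cleanly. The comparison should also be `===`, and the stray `;` after the `if` block is a leftover (the same stray `};` is introduced in `ensureAuthenticated` just above, whose opening line lies outside this hunk); consider whether a "not allowed" outcome for an authenticated user should be 403 rather than 401, but that is a policy choice the commit does not discuss.
```javascript
  function ensureAdmin(req, res, next) {
    // Check authentication first: req.user is only populated once isAuthenticated() holds.
    if (!req.isAuthenticated()) {
      var err = new Error('Sie sind nicht angemeldet!');
      err.status = 401;
      return next(err);
    }
    db.get('SELECT permissions FROM waip_users WHERE id = ?', req.user.id, function(dbErr, row) {
      // Do not shadow the driver's error; a failed lookup must not be treated as "not admin".
      if (dbErr) return next(dbErr);
      if (row && row.permissions === "admin") {
        return next();
      }
      var err = new Error('Sie verfügen nicht über die notwendigen Berechtigungen!');
      err.status = 401;
      next(err);
    });
  }
```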