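/**
 * Express middleware: require an authenticated session.
 *
 * Reads `req.session.user` (populated by the login handler, which is not part
 * of this file).
 * - No session object, or no user on it -> redirect to "/" and stop the chain.
 * - User present                        -> copy it to `req.user`, call next().
 *
 * Performs no role check; see requireArzt / requireAdmin for that.
 */
function requireLogin(req, res, next) {
  // Guard the session object itself: if the session middleware is not mounted
  // (or a route is registered before it), req.session is undefined and a direct
  // property read throws a TypeError that surfaces as a 500 instead of being
  // treated as "not logged in".
  const user = req.session && req.session.user;
  if (!user) {
    return res.redirect("/");
  }

  req.user = user;
  next();
}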
// ✅ NEU: Arzt-only (das war früher dein requireAdmin)
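/**
 * Shared role guard behind requireArzt and requireAdmin.
 *
 * Both guards previously carried a verbatim copy of the same session check; a
 * fix in one could silently miss the other, so the logic lives here once.
 *
 * @param {string} role   exact value `req.session.user.role` must equal
 * @param {string} label  human-readable role name for the 403 message
 *                        ("Arzt", "Admin")
 * @param req, res, next  the Express middleware triple
 * @returns whatever res.redirect()/res.send() return on the deny paths,
 *          undefined after next() on the allow path (same as before)
 */
function enforceRole(role, label, req, res, next) {
  // Tolerate a missing session object (session middleware not mounted or
  // mounted after this route) instead of throwing a TypeError -> HTTP 500.
  const user = req.session && req.session.user;

  // Not logged in: send the browser to the start page, like requireLogin.
  if (!user) {
    return res.redirect("/");
  }

  // Exact match only. An admin does NOT pass the doctor check and vice versa;
  // that mirrors the original behaviour and is role separation, not a bug.
  if (user.role !== role) {
    // res.send(string) defaults to Content-Type text/html. The role value
    // comes from the server-side session, but the message echoes it back, so
    // serve it as plain text to make sure it can never be parsed as markup.
    return res
      .status(403)
      .type("text/plain")
      .send(`⛔ Kein Zugriff (${label} erforderlich). Rolle: ${user.role}`);
  }

  req.user = user;
  next();
}

/**
 * Express middleware: doctor-only routes (historically this was requireAdmin).
 *
 * The former `console.log("ARZT CHECK:", req.session.user)` was removed on
 * purpose: it dumped the complete session user object - whatever the login
 * handler stored there, possibly PII or credential material - into the process
 * log on every request to a protected route.
 */
function requireArzt(req, res, next) {
  return enforceRole("arzt", "Arzt", req, res, next);
}

/**
 * Express middleware: admin-only routes.
 *
 * Same deny/allow semantics as requireArzt; the per-request
 * `console.log("ADMIN CHECK:", ...)` dump of the session user was removed for
 * the same reason.
 */
function requireAdmin(req, res, next) {
  return enforceRole("admin", "Admin", req, res, next);
}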
// Public surface of this module: the three Express guards defined above.
// Assigned property by property onto the existing exports object; the set of
// exported names and their order are unchanged.
exports.requireLogin = requireLogin;
exports.requireArzt = requireArzt;
exports.requireAdmin = requireAdmin;