const db = require("../db");
const { createUser, getAllUsers} = require("../services/admin.service");
const bcrypt = require("bcrypt");
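/**
 * GET handler: renders the admin user list.
 *
 * Loads all users through the admin service (`getAllUsers(db)`, both names
 * come from module scope) and renders the `admin_users` view with the list
 * and the logged-in user taken from the session. A failing lookup is
 * logged server-side and answered with HTTP 500 and a generic message, so
 * the client no longer receives a success status for an error page.
 *
 * @param {object} req - request; reads `req.session.user`
 * @param {object} res - response; either `render` or `status().send()` is called once
 */
async function listUsers(req, res) {
  try {
    const users = await getAllUsers(db);
    res.render("admin_users", {
      users,
      currentUser: req.session.user,
    });
  } catch (err) {
    // Full error goes to the server log only; the client gets a fixed message.
    console.error(err);
    res.status(500).send("Datenbankfehler");
  }
}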
/**
 * GET handler: renders the empty "create user" form.
 *
 * The view gets `error: null` (no validation message yet) and the
 * logged-in user from the session.
 *
 * @param {object} req - request; reads `req.session.user`
 * @param {object} res - response; `render` is called exactly once
 */
function showCreateUser(req, res) {
  const viewModel = { error: null, user: req.session.user };
  res.render("admin_create_user", viewModel);
}
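/**
 * Reads the create-user form fields from a request body.
 *
 * Free-text fields are trimmed. A field that is not a string (a JSON body
 * can carry numbers or arrays) is treated as missing instead of throwing on
 * `.trim()`; `password` is kept untrimmed but must also be a string so it
 * can later be hashed.
 *
 * @param {object} [body] - parsed request body, may be undefined
 * @returns {{first_name: (string|undefined), last_name: (string|undefined),
 *   username: (string|undefined), password: (string|undefined), role: *,
 *   fachrichtung: (string|undefined), arztnummer: (string|undefined)}}
 */
function readCreateUserFields(body = {}) {
  const text = (value) => (typeof value === "string" ? value.trim() : undefined);
  return {
    first_name: text(body.first_name),
    last_name: text(body.last_name),
    username: text(body.username),
    password: typeof body.password === "string" ? body.password : undefined,
    role: body.role,
    fachrichtung: text(body.fachrichtung),
    arztnummer: text(body.arztnummer),
  };
}

/**
 * Validates the normalized create-user fields.
 *
 * Rules: all base fields are required; the password must be at least 4
 * characters (same limit as `resetUserPassword`); doctors (`role === "arzt"`)
 * additionally need `fachrichtung` and `arztnummer`.
 *
 * @param {object} fields - result of `readCreateUserFields`
 * @returns {string|null} user-facing error message, or null when valid
 */
function createUserValidationError(fields) {
  const { first_name, last_name, username, password, role, fachrichtung, arztnummer } = fields;
  if (!first_name || !last_name || !username || !password || !role) {
    return "Alle Pflichtfelder müssen ausgefüllt sein";
  }
  if (password.length < 4) {
    return "Passwort zu kurz";
  }
  if (role === "arzt" && (!fachrichtung || !arztnummer)) {
    return "Für Ärzte sind Fachrichtung und Arztnummer Pflicht";
  }
  return null;
}

/**
 * POST handler: validates the create-user form and creates the account.
 *
 * On a validation failure the form is re-rendered with the message. On
 * success a "success" flash is set and the client is redirected to the user
 * list. A failure inside `createUser` is logged and the form is re-rendered
 * with a fixed message; the raw error (driver/DB details) is no longer
 * handed to the template.
 *
 * @param {object} req - request; reads `req.body`, `req.session.user`, writes `req.session.flash`
 * @param {object} res - response; `render` or `redirect` is called once
 */
async function postCreateUser(req, res) {
  const renderForm = (error) =>
    res.render("admin_create_user", { error, user: req.session.user });

  const fields = readCreateUserFields(req.body);
  const validationError = createUserValidationError(fields);
  if (validationError !== null) {
    return renderForm(validationError);
  }

  // Non-doctor accounts never carry doctor data, whatever the form sent.
  if (fields.role !== "arzt") {
    fields.fachrichtung = null;
    fields.arztnummer = null;
  }

  try {
    await createUser(
      db,
      fields.first_name,
      fields.last_name,
      fields.username,
      fields.password,
      fields.role,
      fields.fachrichtung,
      fields.arztnummer
    );

    req.session.flash = {
      type: "success",
      message: "Benutzer erfolgreich angelegt",
    };
    res.redirect("/admin/users");
  } catch (err) {
    // Log server-side only. If admin.service throws errors meant for the
    // user (e.g. duplicate username), surface them through a dedicated
    // error type rather than by passing the error object through.
    console.error(err);
    renderForm("Benutzer konnte nicht angelegt werden");
  }
}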
/**
 * POST handler: assigns one of the two allowed roles to a user.
 *
 * `role` from the request body is accepted only when it is exactly "arzt"
 * or "mitarbeiter"; anything else sets a "danger" flash and redirects
 * without touching the database. The update is a parameterized query; its
 * callback sets a success or danger flash and redirects to the user list
 * in both cases.
 *
 * @param {object} req - reads `req.params.id` and `req.body.role`, writes `req.session.flash`
 * @param {object} res - `redirect` is called exactly once
 */
async function changeUserRole(req, res) {
  const targetId = req.params.id;
  const { role } = req.body;
  const allowedRoles = ["arzt", "mitarbeiter"];

  if (!allowedRoles.includes(role)) {
    req.session.flash = { type: "danger", message: "Ungültige Rolle" };
    return res.redirect("/admin/users");
  }

  const finish = (err) => {
    if (err) {
      console.error(err);
      req.session.flash = { type: "danger", message: "Fehler beim Ändern der Rolle" };
    } else {
      req.session.flash = { type: "success", message: "Rolle erfolgreich geändert" };
    }
    res.redirect("/admin/users");
  };

  db.query("UPDATE users SET role = ? WHERE id = ?", [role, targetId], finish);
}
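/**
 * POST handler: sets a new password for a user.
 *
 * The password must be a string of at least 4 characters; otherwise a
 * "warning" flash is set and the client is redirected. The password is
 * bcrypt-hashed (cost 10) and stored via a parameterized update. Both a
 * failing hash and a failing update are logged and reported with a
 * "danger" flash; the hash step previously ran outside any handler and a
 * rejection there was left unhandled.
 *
 * @param {object} req - reads `req.params.id` and `req.body.password`, writes `req.session.flash`
 * @param {object} res - `redirect` is called exactly once
 */
async function resetUserPassword(req, res) {
  const userId = req.params.id;
  const { password } = req.body;
  const back = () => res.redirect("/admin/users");

  // A non-string (e.g. a number in a JSON body) has no usable length and
  // would make bcrypt.hash throw; treat it like a too-short password.
  if (typeof password !== "string" || password.length < 4) {
    req.session.flash = { type: "warning", message: "Passwort zu kurz" };
    return back();
  }

  let hash;
  try {
    hash = await bcrypt.hash(password, 10);
  } catch (err) {
    console.error(err);
    req.session.flash = { type: "danger", message: "Fehler beim Zurücksetzen" };
    return back();
  }

  db.query("UPDATE users SET password = ? WHERE id = ?", [hash, userId], (err) => {
    if (err) {
      console.error(err);
      req.session.flash = { type: "danger", message: "Fehler beim Zurücksetzen" };
    } else {
      req.session.flash = { type: "success", message: "Passwort zurückgesetzt" };
    }
    back();
  });
}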
// Route handlers for the admin user-management pages; the router mounts
// these under the /admin/users paths the handlers redirect to.
module.exports = {
  listUsers,
  showCreateUser,
  postCreateUser,
  changeUserRole,
  resetUserPassword
};