Praxissofttware/views/partials/sidebar.ejs


<div class="sidebar">
<!-- ✅ Logo + Sprachbuttons -->
<div style="margin-bottom:30px; display:flex; flex-direction:column; gap:10px;">
<!-- ✅ Zeile 1: Logo -->
<div style="padding:20px; text-align:center;">
<div class="logo" style="margin:0;">
🩺 Praxis System
</div>
</div>
<!-- ✅ Zeile 2: Sprache -->
<div style="display:flex; gap:8px;">
<a
href="/lang/de"
class="btn btn-sm btn-outline-light <%= lang === 'de' ? 'active' : '' %>"
style="padding:2px 8px; font-size:12px;"
title="Deutsch"
>
DE
</a>
<a
href="/lang/es"
class="btn btn-sm btn-outline-light <%= lang === 'es' ? 'active' : '' %>"
style="padding:2px 8px; font-size:12px;"
title="Español"
>
ES
</a>
</div>
</div>
<%
// Presentation-only flags: they decide which sidebar entries are drawn as locked.
// They are not an access check. A client can request any URL directly, so every
// target route still has to authorise the request on the server.
// NOTE(review): `user` presumably has to be present in the render locals (even as
// null); an undeclared name would throw before optional chaining applies. Confirm
// that every caller of this partial passes it.
const role = user?.role || null;
const canOnlyAdmin = role === "admin";
const canDoctorAndStaff = ["arzt", "mitarbeiter"].includes(role);
/**
 * Picks the link target for a sidebar entry.
 *
 * Swapping the target only changes what the menu offers. The route behind
 * `href` stays reachable by URL and must enforce the role itself.
 *
 * @param {*} allowed - truthy when the current role may use the entry
 * @param {string} href - real target of the entry
 * @returns {string} `href` when allowed, otherwise the inert fragment "#"
 */
function hrefIfAllowed(allowed, href) {
  if (allowed) {
    return href;
  }
  return "#";
}
/**
 * CSS class that marks a sidebar entry as locked.
 *
 * @param {*} allowed - truthy when the current role may use the entry
 * @returns {string} "" when allowed, otherwise "locked"
 */
function lockClass(allowed) {
  if (allowed) {
    return "";
  }
  return "locked";
}
/**
 * Hint text for a locked sidebar entry, one message per permission group.
 *
 * The two messages are fixed German strings and are not taken from the `t`
 * translation object used elsewhere in this partial.
 *
 * @param {*} allowed - truthy when the current role may use the entry
 * @param {string} requiredRole - "admin" selects the administrator message;
 *   any other value selects the doctors-and-staff message
 * @returns {string} "" when allowed, otherwise the matching hint
 */
function lockMsg(allowed, requiredRole) {
  if (allowed) {
    return "";
  }
  return requiredRole === "admin"
    ? "Kein Zugriff nur für Administratoren"
    : "Kein Zugriff nur für Ärzte und Mitarbeiter";
}
%>
<!-- ✅ Patienten (Arzt + Mitarbeiter) -->
<a
href="<%= hrefIfAllowed(canDoctorAndStaff, '/patients') %>"
class="nav-item <%= active === 'patients' ? 'active' : '' %> <%= lockClass(canDoctorAndStaff) %>"
<% if (!canDoctorAndStaff) { %>data-locked="<%= lockMsg(canDoctorAndStaff, 'arzt') %>"<% } %>
>
<i class="bi bi-people"></i> <%= t.sidebar.patients %>
<% if (!canDoctorAndStaff) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<!-- ✅ Kalender (Arzt + Mitarbeiter) -->
<a
href="<%= hrefIfAllowed(canDoctorAndStaff, '/calendar') %>"
class="nav-item <%= active === 'calendar' ? 'active' : '' %> <%= lockClass(canDoctorAndStaff) %>"
<% if (!canDoctorAndStaff) { %>data-locked="<%= lockMsg(canDoctorAndStaff, 'arzt') %>"<% } %>
>
<i class="bi bi-calendar3"></i> Kalender
<% if (!canDoctorAndStaff) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<!-- ✅ Medikamente (Arzt + Mitarbeiter) -->
<a
href="<%= hrefIfAllowed(canDoctorAndStaff, '/medications') %>"
class="nav-item <%= active === 'medications' ? 'active' : '' %> <%= lockClass(canDoctorAndStaff) %>"
<% if (!canDoctorAndStaff) { %>data-locked="<%= lockMsg(canDoctorAndStaff, 'arzt') %>"<% } %>
>
<i class="bi bi-capsule"></i> <%= t.sidebar.medications %>
<% if (!canDoctorAndStaff) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<!-- ✅ Offene Leistungen (Arzt + Mitarbeiter) -->
<a
href="<%= hrefIfAllowed(canDoctorAndStaff, '/services/open') %>"
class="nav-item <%= active === 'services' ? 'active' : '' %> <%= lockClass(canDoctorAndStaff) %>"
<% if (!canDoctorAndStaff) { %>data-locked="<%= lockMsg(canDoctorAndStaff, 'arzt') %>"<% } %>
>
<i class="bi bi-receipt"></i> <%= t.sidebar.servicesOpen %>
<% if (!canDoctorAndStaff) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<!-- ✅ Abrechnung (Arzt + Mitarbeiter) -->
<%# NOTE(review): this entry points below /admin but is unlocked for "arzt" and "mitarbeiter" and drawn locked for "admin". %>
<%# Confirm the server-side guard on /admin/invoices allows exactly those roles; an admin-only check applied to the whole /admin prefix would disagree with this menu. %>
<%# The locked state only replaces the href with "#", so the route must reject other roles itself. %>
<a
href="<%= hrefIfAllowed(canDoctorAndStaff, '/admin/invoices') %>"
class="nav-item <%= active === 'billing' ? 'active' : '' %> <%= lockClass(canDoctorAndStaff) %>"
<% if (!canDoctorAndStaff) { %>data-locked="<%= lockMsg(canDoctorAndStaff, 'arzt') %>"<% } %>
>
<i class="bi bi-cash-coin"></i> <%= t.sidebar.billing %>
<% if (!canDoctorAndStaff) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<!-- ✅ Verwaltung (nur Admin) -->
<a
href="<%= hrefIfAllowed(canOnlyAdmin, '/admin/users') %>"
class="nav-item <%= active === 'admin' ? 'active' : '' %> <%= lockClass(canOnlyAdmin) %>"
<% if (!canOnlyAdmin) { %>data-locked="<%= lockMsg(canOnlyAdmin, 'admin') %>"<% } %>
>
<i class="bi bi-gear"></i> <%= t.sidebar.admin %>
<% if (!canOnlyAdmin) { %>
<span style="margin-left:auto;"><i class="bi bi-lock-fill"></i></span>
<% } %>
</a>
<div class="spacer"></div>
<!-- ✅ Logout -->
<%# NOTE(review): logout is a plain GET link, so any page that makes the browser load /logout ends the session. %>
<%# Consider a POST form covered by the application's CSRF protection; confirm how the /logout route is implemented. %>
<a href="/logout" class="nav-item">
<i class="bi bi-box-arrow-right"></i> <%= t.sidebar.logout %>
</a>
</div>
<!-- ✅ Kein-Zugriff Toast (CSP-sicher, kein Inline-Script) -->
<%# NOTE(review): there is no inline script here, but this partial uses inline style attributes throughout. %>
<%# A policy whose style-src omits 'unsafe-inline' blocks those attributes, so move them to a stylesheet if the CSP is tightened. %>
<%# The text of #lockToastMsg is presumably filled from the data-locked attribute by an external script; that script should assign it via textContent - confirm. %>
<div class="position-fixed top-0 start-50 translate-middle-x p-3" style="z-index:9999; margin-top:16px;">
<div id="lockToast" class="toast align-items-center text-bg-danger border-0" role="alert" aria-live="assertive">
<div class="d-flex">
<div class="toast-body d-flex align-items-center gap-2">
<i class="bi bi-lock-fill"></i>
<span id="lockToastMsg">Kein Zugriff</span>
</div>
<button type="button" class="btn-close btn-close-white me-2 m-auto" data-bs-dismiss="toast"></button>
</div>
</div>
</div>