added Validation rules

backend/src/middleware/Validation/Access.md

@@ -0,0 +1,25 @@
+## User Settings
+
+### \[UPDATE\] Personal availability
+* Only the employee themselves can manage their availability
+* Must select a valid shift plan with defined shifts
+* All changes require explicit save action
+
+### \[VIEW\] ShiftPlan assignments
+* Published plans show actual assignments
+* Draft plans show preview assignments (if calculated)
+* Regular users can only view, not modify assignments
+
+## System-wide
+
+### \[ACCESS\] Role-based restrictions
+* `admin`: Full access to all features
+* `maintenance`: Access to shift plans and employee management (except admin users)
+* `user`: Read-only access to shift plans, can manage own availability and profile
+
+### \[DATA\] Validation rules
+* Email addresses are automatically generated from firstname/lastname
+* Employee status (`isActive`) controls login and planning eligibility
+* Trainee status affects independence (`canWorkAlone`) automatically
+* Date ranges must be valid (start before end)
+* All required fields must be filled before form submission

backend/src/middleware/Validation/Assignment.md

@@ -0,0 +1,20 @@
+## Shift Assignment
+
+### \[ACTION: update scheduled shift\]
+* Requires valid scheduled shift ID
+* Only updates assignedEmployees array
+* Requires authentication with valid token
+* Handles both JSON and non-JSON responses
+
+### \[ACTION: assign shifts automatically\]
+* Requires shift plan, employees, and availabilities
+* Availability preferenceLevel must be 1, 2, or 3
+* Constraints must be an array (converts non-array to empty array)
+* All employees must have valid availability data
+
+### \[ACTION: get scheduled shifts\]
+* Requires valid plan ID
+* Automatically fixes data structure inconsistencies:
+  - timeSlotId mapping (handles both naming conventions)
+  - requiredEmployees fallback to 2 if missing
+  - assignedEmployees fallback to empty array if missing

backend/src/middleware/Validation/Authentication.md

@@ -0,0 +1,16 @@
+## Authentication
+
+### \[ACTION: login\]
+* Requires valid email and password format
+* Server validates credentials before issuing token
+* Token and employee data stored in localStorage upon success
+
+### \[ACTION: register\]
+* Requires email, password, and name
+* Role is optional during registration
+* Automatically logs in user after successful registration
+
+### \[ACTION: access protected resources\]
+* Requires valid JWT token in Authorization header
+* Token is automatically retrieved from localStorage
+* Unauthorized requests (401) trigger automatic logout

backend/src/middleware/Validation/DataIntegrity

@@ -0,0 +1,23 @@
+## Data Integrity
+
+### \[GENERAL\] API communication
+* All fetch requests include error handling
+* Failed responses throw descriptive errors
+* Token validation before protected operations
+* Automatic localStorage cleanup on logout
+
+### \[GENERAL\] data persistence
+* Employee data cached in localStorage after login
+* Token automatically retrieved from localStorage
+* Data structure normalization for scheduled shifts
+
+### \[GENERAL\] error handling
+* Network errors are caught and logged
+* HTTP errors include status codes and messages
+* Failed authentication triggers cleanup and logout
+
+## Role & Permission Notes
+* The frontend services don't explicitly restrict actions by role
+* Role-based restrictions are likely handled by the backend
+* Frontend assumes user has permissions for requested operations
+* 401 responses indicate insufficient permissions at backend level

backend/src/middleware/Validation/Employee.md

@@ -0,0 +1,67 @@
+## Employee Management
+
+### \[CREATE/UPDATE\] employee
+* All employee operations require authentication
+* Password changes require current password + new password
+* Only authenticated users can create/update employees
+
+### \[ACTION: delete employee\]
+* Requires authentication
+* Server validates permissions before deletion
+
+### \[ACTION: update availability\]
+* Requires employee ID and plan ID
+* Availability updates must include valid preference levels
+* Only authenticated users can update availabilities
+
+### \[ACTION: update last login\]
+* Requires employee ID
+* Fails silently if update fails (logs error but doesn't block user)
+
+## Employee
+
+### \[CREATE\] Employee
+* `firstname` must not be empty
+* `lastname` must not be empty
+* `password` must be at least 6 characters (in create mode)
+* `employeeType` must be selected
+* Contract type validation:
+  * `manager`, `apprentice` => `contractType` = flexible
+  * `guest` => `contractType` = undefined/NONE
+  * `personell` => `contractType` = small || large
+
+### \[UPDATE\] Employee profile
+* `firstname` must not be empty
+* `lastname` must not be empty
+* Only the employee themselves or admins can update
+
+### \[UPDATE\] Employee password
+* `newPassword` must be at least 6 characters
+* `newPassword` must match `confirmPassword`
+* For admin password reset: no `currentPassword` required
+* For self-password change: `currentPassword` required
+
+### \[UPDATE\] Employee roles
+* Only users with role 'admin' can modify roles
+* At least one employee must maintain 'admin' role
+* Users cannot remove their own admin role
+
+### \[UPDATE\] Employee availability
+* Only active employees can set availability
+* Contract type requirements:
+  * `small` contract: minimum 2 available shifts (preference level 1 or 2)
+  * `large` contract: minimum 3 available shifts (preference level 1 or 2)
+  * `flexible` contract: no minimum requirement
+* Availability can only be set for valid shift patterns in selected plan
+* `shiftId` must be valid and exist in the current plan
+
+### \[ACTION: delete\] Employee
+* Only users with role 'admin' can delete employees
+* Cannot delete yourself
+* Cannot delete the last admin user
+* User confirmation required before deletion
+
+### \[ACTION: edit\] Employee
+* Admins can edit all employees
+* Maintenance users can edit non-admin employees or themselves
+* Regular users can only edit themselves

backend/src/middleware/Validation/Shiftplan.md

@@ -0,0 +1,66 @@
+## Shift Plan Management
+
+### \[CREATE\] shift plan
+* All operations require authentication
+* 401 responses trigger automatic logout
+* Scheduled shifts array is guaranteed to exist (empty array if none)
+
+### \[CREATE\] shift plan from preset
+* presetName must match existing TEMPLATE_PRESETS
+* Requires name, startDate, and endDate
+* isTemplate is optional (defaults to false)
+
+### \[UPDATE\] shift plan
+* Requires valid shift plan ID
+* Partial updates allowed
+* Authentication required
+
+### \[ACTION: delete shift plan\]
+* Requires authentication
+* 401 responses trigger automatic logout
+
+### \[ACTION: regenerate scheduled shifts\]
+* Requires valid plan ID
+* Authentication required
+* Fails silently if regeneration fails (logs error but continues)
+
+### \[ACTION: clear assignments\]
+* Requires valid plan ID
+* Authentication required
+* Clears all employee assignments from scheduled shifts
+
+## ShiftPlan
+
+### \[CREATE\] ShiftPlan from template
+* `planName` must not be empty
+* `startDate` must be set
+* `endDate` must be set
+* `endDate` must be after `startDate`
+* `selectedPreset` must be chosen (template must be selected)
+* Only available template presets can be used
+
+### \[ACTION: publish\] ShiftPlan
+* Plan must be in 'draft' status
+* All active employees must have set their availabilities for the plan
+* Only users with roles \['admin', 'maintenance'\] can publish
+* Assignment algorithm must not have critical violations (ERROR or ❌ KRITISCH)
+* employee && employee.contract_type === small => mind. 1 mal availability === 1 || availability === 2
+* employee && employee.contract_type === large => mind. 3 mal availability === 1 || availability === 2
+
+### \[ACTION: recreate assignments\]
+* Plan must be in 'published' status
+* Only users with roles \['admin', 'maintenance'\] can recreate
+* User confirmation required before clearing all assignments
+
+### \[ACTION: delete\] ShiftPlan
+* Only users with roles \['admin', 'maintenance'\] can delete
+* User confirmation required before deletion
+
+### \[ACTION: edit\] ShiftPlan
+* Only users with roles \['admin', 'maintenance'\] can edit
+* Can only edit plans in 'draft' status
+
+### \[UPDATE\] ShiftPlan shifts
+* `timeSlotId` must be selected from available time slots
+* `requiredEmployees` must be at least 1
+* `dayOfWeek` must be between 1-7