diff --git a/backend/src/routes/employees.ts b/backend/src/routes/employees.ts
index c970b94..2c0ea58 100644
--- a/backend/src/routes/employees.ts
+++ b/backend/src/routes/employees.ts
@@ -19,7 +19,7 @@ const router = express.Router();
 router.use(authMiddleware);
 // Employee CRUD Routes
-router.get('/', requireRole(['admin']), getEmployees);
+router.get('/', authMiddleware, getEmployees);
 router.get('/:id', requireRole(['admin', 'instandhalter']), getEmployee);
 router.post('/', requireRole(['admin']), createEmployee);
 router.put('/:id', requireRole(['admin']), updateEmployee);
diff --git a/backend/src/routes/shiftPlans.ts b/backend/src/routes/shiftPlans.ts
index f171f42..8f4a71d 100644
--- a/backend/src/routes/shiftPlans.ts
+++ b/backend/src/routes/shiftPlans.ts
@@ -20,18 +20,12 @@ router.use(authMiddleware);
 // GET all shift plans (including templates)
 router.get('/' , authMiddleware, getShiftPlans);
-// GET templates only
-//router.get('/templates', getTemplates);
-
 // GET specific shift plan or template
 router.get('/:id', authMiddleware, getShiftPlan);
 // POST create new shift plan
 router.post('/', requireRole(['admin', 'instandhalter']), createShiftPlan);
-// POST create new plan from template
-//router.post('/from-template', requireRole(['admin', 'instandhalter']), createFromTemplate);
-
 // POST create new plan from preset
 router.post('/from-preset', requireRole(['admin', 'instandhalter']), createFromPreset);
diff --git a/frontend/src/contexts/AuthContext.tsx b/frontend/src/contexts/AuthContext.tsx
index 61eac0d..baa7d2c 100644
--- a/frontend/src/contexts/AuthContext.tsx
+++ b/frontend/src/contexts/AuthContext.tsx
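Review bot: In backend/src/routes/employees.ts the `GET /` route loses its `requireRole(['admin'])` gate, so every authenticated account can now list employees; whether `getEmployees` filters records or fields by the caller's role is not visible in this hunk. If non-admin roles need the list, keep an explicit allow-list naming them, for example `router.get('/', requireRole(['admin', 'instandhalter']), getEmployees);` as on the `/:id` route, or confirm the handler strips sensitive fields for non-admin callers. The per-route `authMiddleware` is also redundant, because `router.use(authMiddleware)` in the context line above already covers every route on this router.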
@@ -135,10 +135,14 @@ export const AuthProvider: React.FC = ({ children }) => {
 };
 const hasRole = (roles: string[]): boolean => {
- if (!user) return false;
- return roles.length != 0;
+ if (!user || !user.roles || user.roles.length === 0) return false;
+
+ // Check if user has at least one of the required roles
+ return roles.some(requiredRole =>
+ user.roles!.includes(requiredRole)
+ );
 };
-
+
 useEffect(() => {
 const initializeAuth = async () => {
 console.log('🚀 Initializing authentication...');
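Review bot: The non-null assertion in `user.roles!.includes(requiredRole)` is presumably there only because the guard's narrowing of `user.roles` does not carry into the arrow callback. Reading the roles into a local removes it without changing the result: `const userRoles = user?.roles ?? [];` followed by `return roles.some(role => userRoles.includes(role));`. A short doc comment on `hasRole` should state that it returns true when the user holds at least one of `roles`, that an empty `roles` array yields false, and that it only gates what the UI shows, with the backend `requireRole` checks remaining the authority. `hasRole` is complete inside the hunk; the enclosing `AuthProvider` starts and ends outside it.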