fixed auth handling for access control

backend/src/routes/employees.ts

@@ -19,7 +19,7 @@ const router = express.Router();
 router.use(authMiddleware);
 
 // Employee CRUD Routes
-router.get('/', requireRole(['admin']), getEmployees);
+router.get('/', authMiddleware, getEmployees);
 router.get('/:id', requireRole(['admin', 'instandhalter']), getEmployee);
 router.post('/', requireRole(['admin']), createEmployee);
 router.put('/:id', requireRole(['admin']), updateEmployee);

backend/src/routes/shiftPlans.ts

@@ -20,18 +20,12 @@ router.use(authMiddleware);
 // GET all shift plans (including templates)
 router.get('/' , authMiddleware, getShiftPlans);
 
-// GET templates only
-//router.get('/templates', getTemplates);
-
 // GET specific shift plan or template
 router.get('/:id', authMiddleware, getShiftPlan);
 
 // POST create new shift plan
 router.post('/', requireRole(['admin', 'instandhalter']), createShiftPlan);
 
-// POST create new plan from template
-//router.post('/from-template', requireRole(['admin', 'instandhalter']), createFromTemplate);
-
 // POST create new plan from preset
 router.post('/from-preset', requireRole(['admin', 'instandhalter']), createFromPreset);
 

frontend/src/contexts/AuthContext.tsx

@@ -135,8 +135,12 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
   };
 
   const hasRole = (roles: string[]): boolean => {
-    if (!user) return false;
+    if (!user || !user.roles || user.roles.length === 0) return false;
-    return roles.length != 0;
+    
+    // Check if user has at least one of the required roles
+    return roles.some(requiredRole => 
+      user.roles!.includes(requiredRole)
+    );
   };
   
   useEffect(() => {