feat(frontend): Add roles

2025-07-28 06:46:31 +02:00
parent 115a12bbf5
commit 7b5a1a3bda
9 changed files with 359 additions and 32 deletions
--- a/legalconsenthub/server/utils/auth.ts
+++ b/legalconsenthub/server/utils/auth.ts
@@ -2,6 +2,15 @@ import { betterAuth } from 'better-auth'
 import Database from 'better-sqlite3'
 import { organization, jwt } from 'better-auth/plugins'
 import { resend } from './mail'
+import {
+  accessControl,
+  employerRole,
+  worksCouncilMemberRole,
+  employeeRole,
+  adminRole,
+  ROLES,
+  type LegalRole
+} from './permissions'

 export const auth = betterAuth({
  database: new Database('./sqlite.db'),
@@ -21,16 +30,46 @@ export const auth = betterAuth({
      }
    }),
    organization({
+      // Pass the access control instance and roles
+      ac: accessControl,
+      roles: {
+        [ROLES.EMPLOYER]: employerRole,
+        [ROLES.WORKS_COUNCIL_MEMBER]: worksCouncilMemberRole,
+        [ROLES.EMPLOYEE]: employeeRole,
+        [ROLES.ADMIN]: adminRole
+      },
+
+      // Creator gets admin role by default
+      creatorRole: ROLES.ADMIN,
+
      async sendInvitationEmail(data) {
        console.log('Sending invitation email', data)
        const inviteLink = `http://192.168.178.114:3001/accept-invitation/${data.id}`
+
+        const roleDisplayNames = {
+          [ROLES.EMPLOYER]: 'Arbeitgeber',
+          [ROLES.EMPLOYEE]: 'Arbeitnehmer',
+          [ROLES.WORKS_COUNCIL_MEMBER]: 'Betriebsrat',
+          [ROLES.ADMIN]: 'Administrator'
+        }
+
+        const roleDisplayName = roleDisplayNames[data.role as LegalRole] || data.role
+
        await resend.emails.send({
-          from: 'Acme <onboarding@resend.dev>',
+          from: 'Legal Consent Hub <noreply@legalconsenthub.com>',
          to: data.email,
-          subject: 'Email Verification',
-          html: `You are invited to the Organization ${data.organization.name}! Click the link to verify your email: ${inviteLink}`
+          subject: `Einladung als ${roleDisplayName} - ${data.organization.name}`,
+          html: `
+            <h2>Einladung zur Organisation ${data.organization.name}</h2>
+            <p>Sie wurden als <strong>${roleDisplayName}</strong> eingeladen.</p>
+            <p><a href="${inviteLink}" style="background: #007bff; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px;">Einladung annehmen</a></p>
+            <p>Diese Einladung läuft ab am: ${new Date(data.invitation.expiresAt).toLocaleDateString('de-DE')}</p>
+          `
        })
      }
    })
  ]
 })
+
+export { ROLES }
+export type { LegalRole }