From 2382b2dfaecd3e2b9f3c3fb1539d843533099b67 Mon Sep 17 00:00:00 2001
From: florianfederspiel
Date: Sun, 9 Nov 2025 18:52:44 +0100
Subject: [PATCH] Fixed Role Loading

---
 src/plugins/auth.ts | 72 ++++++++++++++++++++++-----------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/src/plugins/auth.ts b/src/plugins/auth.ts
index cc86b1a..bf9648c 100644
--- a/src/plugins/auth.ts
+++ b/src/plugins/auth.ts
@@ -37,51 +37,51 @@ export default fp(async (server: FastifyInstance) => {
 tenant_id: number;
 };
 
- console.log("payload", payload);
-
 if (!payload?.user_id) {
 return reply.code(401).send({ error: "Invalid token" });
 }
 
 req.user = payload;
 
- // 3️⃣ Rolle des Nutzers im Tenant laden
- const { data: roleData, error: roleError } = await server.supabase
- .from("auth_user_roles")
- .select("role_id")
- .eq("user_id", payload.user_id)
- .eq("tenant_id", payload.tenant_id)
- .maybeSingle();
+ if(req.user.tenant_id) {
+ // 3️⃣ Rolle des Nutzers im Tenant laden
+ const { data: roleData, error: roleError } = await server.supabase
+ .from("auth_user_roles")
+ .select("role_id")
+ .eq("user_id", payload.user_id)
+ .eq("tenant_id", payload.tenant_id)
+ .maybeSingle();
 
- if (roleError) {
- console.log("Error fetching user role", roleError);
- return reply.code(500).send({ error: "Failed to load user role" });
+ if (roleError) {
+ console.log("Error fetching user role", roleError);
+ return reply.code(500).send({ error: "Failed to load user role" });
+ }
+
+ if (!roleData) {
+ return reply.code(403).send({ error: "No role assigned for this tenant" });
+ }
+
+ const roleId = roleData.role_id;
+
+ // 4️⃣ Berechtigungen der Rolle laden
+ const { data: permissions, error: permsError } = await server.supabase
+ .from("auth_role_permissions")
+ .select("permission")
+ .eq("role_id", roleId);
+
+ if (permsError) {
+ console.log("Failed to load permissions", permsError);
+ return reply.code(500).send({ error: "Permission lookup failed" });
+ }
+
+ const perms = permissions?.map((p) => p.permission) ?? [];
+
+ // 5️⃣ An Request hängen
+ req.role = roleId;
+ req.permissions = perms;
+ req.hasPermission = (perm: string) => perms.includes(perm);
 }
 
- if (!roleData) {
- return reply.code(403).send({ error: "No role assigned for this tenant" });
- }
-
- const roleId = roleData.role_id;
-
- // 4️⃣ Berechtigungen der Rolle laden
- const { data: permissions, error: permsError } = await server.supabase
- .from("auth_role_permissions")
- .select("permission")
- .eq("role_id", roleId);
-
- if (permsError) {
- console.log("Failed to load permissions", permsError);
- return reply.code(500).send({ error: "Permission lookup failed" });
- }
-
- const perms = permissions?.map((p) => p.permission) ?? [];
-
- // 5️⃣ An Request hängen
- req.role = roleId;
- req.permissions = perms;
- req.hasPermission = (perm: string) => perms.includes(perm);
-
 } catch (err) {
 return reply.code(401).send({ error: "Invalid or expired token" });
 }
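Review bot: A token without `tenant_id` now leaves this hook authenticated but with `req.role`, `req.permissions` and `req.hasPermission` never assigned, because the new `if(req.user.tenant_id)` block is skipped and nothing sets defaults. Route handlers are not visible here, but any that call `req.hasPermission(...)` would throw on such a request, and any that only test `req.user` would run without the role check this hook used to enforce. Assigning deny-by-default values before the guard, `req.permissions = [];` and `req.hasPermission = () => false;`, keeps the authorization state fail-closed for tenant-less tokens. The guard is also a truthiness test, so `tenant_id: 0` is treated as absent; `payload.tenant_id != null` would be explicit, and the payload type above still declares `tenant_id: number` as required although the code now treats it as optional. The hook body starts and ends outside the hunk.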