New Admin Dashboard

backend/src/plugins/auth.ts

@@ -6,6 +6,7 @@ import { secrets } from "../utils/secrets"
 import {
     authUserRoles,
     authRolePermissions,
+    authUsers,
 } from "../../db/schema"
 
 import { eq, and } from "drizzle-orm"
@@ -43,6 +44,16 @@ export default fp(async (server: FastifyInstance) => {
             // Payload an Request hängen
             req.user = payload
 
+            const [currentUser] = await server.db
+                .select({
+                    is_admin: authUsers.is_admin,
+                })
+                .from(authUsers)
+                .where(eq(authUsers.id, payload.user_id))
+                .limit(1)
+
+            req.user.is_admin = Boolean(currentUser?.is_admin)
+
             // Multi-Tenant Modus ohne ausgewählten Tenant → keine Rollenprüfung
             if (!req.user.tenant_id) {
                 return
@@ -66,6 +77,13 @@ export default fp(async (server: FastifyInstance) => {
                 .limit(1)
 
             if (roleRows.length === 0) {
+                if (req.user.is_admin) {
+                    req.role = ""
+                    req.permissions = []
+                    req.hasPermission = () => false
+                    return
+                }
+
                 return reply
                     .code(403)
                     .send({ error: "No role assigned for this tenant" })
@@ -107,6 +125,7 @@ declare module "fastify" {
             user_id: string
             email: string
             tenant_id: number | null
+            is_admin?: boolean
         }
         role: string
         permissions: string[]