gdpr audit implemented, email log, vollmachten, pdf delete cancel data privacy and vollmachten, removed message no id card in engergy car, and other contracts that are not telecom contracts, added insert counter for engery
This commit is contained in:
@@ -0,0 +1,84 @@
|
||||
import { Router } from 'express';
|
||||
import multer from 'multer';
|
||||
import path from 'path';
|
||||
import fs from 'fs';
|
||||
import { authenticate, requirePermission } from '../middleware/auth.js';
|
||||
import * as gdprController from '../controllers/gdpr.controller.js';
|
||||
|
||||
const router = Router();
|
||||
|
||||
// Multer für Vollmacht-Uploads
|
||||
const uploadsDir = path.join(process.cwd(), 'uploads', 'authorizations');
|
||||
if (!fs.existsSync(uploadsDir)) {
|
||||
fs.mkdirSync(uploadsDir, { recursive: true });
|
||||
}
|
||||
const authUpload = multer({
|
||||
storage: multer.diskStorage({
|
||||
destination: (_req, _file, cb) => cb(null, uploadsDir),
|
||||
filename: (_req, file, cb) => {
|
||||
const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
|
||||
cb(null, `vollmacht-${uniqueSuffix}${path.extname(file.originalname)}`);
|
||||
},
|
||||
}),
|
||||
fileFilter: (_req, file, cb) => {
|
||||
if (file.mimetype === 'application/pdf') {
|
||||
cb(null, true);
|
||||
} else {
|
||||
cb(new Error('Nur PDF-Dateien sind erlaubt'));
|
||||
}
|
||||
},
|
||||
limits: { fileSize: 10 * 1024 * 1024 },
|
||||
});
|
||||
|
||||
// Alle Routen erfordern Authentifizierung
|
||||
router.use(authenticate);
|
||||
|
||||
// Dashboard-Statistiken
|
||||
router.get('/dashboard', requirePermission('gdpr:admin'), gdprController.getDashboardStats);
|
||||
|
||||
// Kundendaten exportieren (DSGVO Art. 15)
|
||||
router.get('/customer/:customerId/export', requirePermission('gdpr:export'), gdprController.exportCustomerData);
|
||||
|
||||
// Löschanfragen
|
||||
router.get('/deletions', requirePermission('gdpr:admin'), gdprController.getDeletionRequests);
|
||||
router.get('/deletions/:id', requirePermission('gdpr:admin'), gdprController.getDeletionRequest);
|
||||
router.post('/deletions', requirePermission('gdpr:delete'), gdprController.createDeletionRequest);
|
||||
router.put('/deletions/:id/process', requirePermission('gdpr:admin'), gdprController.processDeletionRequest);
|
||||
|
||||
// Einwilligungen (Consents)
|
||||
router.get('/customer/:customerId/consent-status', requirePermission('customers:read'), gdprController.checkConsentStatus);
|
||||
router.get('/customer/:customerId/consents', requirePermission('customers:read'), gdprController.getCustomerConsents);
|
||||
// Consent-Update: Nur authenticate (Check im Controller - nur Portal-User erlaubt)
|
||||
router.put('/customer/:customerId/consents/:consentType', gdprController.updateCustomerConsent);
|
||||
router.get('/consents/overview', requirePermission('gdpr:admin'), gdprController.getConsentOverview);
|
||||
|
||||
// Datenschutzerklärung (Editor)
|
||||
router.get('/privacy-policy', requirePermission('gdpr:admin'), gdprController.getPrivacyPolicy);
|
||||
router.put('/privacy-policy', requirePermission('gdpr:admin'), gdprController.updatePrivacyPolicy);
|
||||
|
||||
// Vollmacht-Vorlage (Editor)
|
||||
router.get('/authorization-template', requirePermission('gdpr:admin'), gdprController.getAuthorizationTemplate);
|
||||
router.put('/authorization-template', requirePermission('gdpr:admin'), gdprController.updateAuthorizationTemplate);
|
||||
|
||||
// Consent-Link senden
|
||||
router.post('/customer/:customerId/send-consent-link', requirePermission('customers:update'), gdprController.sendConsentLink);
|
||||
|
||||
// Portal: Eigene Datenschutzseite (nur authenticate, Check im Controller)
|
||||
router.get('/my-privacy', gdprController.getMyPrivacy);
|
||||
router.get('/my-privacy/pdf', gdprController.getMyPrivacyPdf);
|
||||
router.get('/my-consent-status', gdprController.getMyConsentStatus);
|
||||
|
||||
// Vollmachten (Admin)
|
||||
router.get('/customer/:customerId/authorizations', requirePermission('customers:read'), gdprController.getAuthorizations);
|
||||
router.post('/customer/:customerId/authorizations/:representativeId/send', requirePermission('customers:update'), gdprController.sendAuthorizationRequest);
|
||||
router.post('/customer/:customerId/authorizations/:representativeId/grant', requirePermission('customers:update'), gdprController.grantAuthorization);
|
||||
router.post('/customer/:customerId/authorizations/:representativeId/withdraw', requirePermission('customers:update'), gdprController.withdrawAuthorization);
|
||||
router.post('/customer/:customerId/authorizations/:representativeId/upload', requirePermission('customers:update'), authUpload.single('document'), gdprController.uploadAuthorizationDocument);
|
||||
router.delete('/customer/:customerId/authorizations/:representativeId/document', requirePermission('customers:update'), gdprController.deleteAuthorizationDocument);
|
||||
|
||||
// Portal: Vollmachten
|
||||
router.get('/my-authorizations', gdprController.getMyAuthorizations);
|
||||
router.put('/my-authorizations/:representativeId', gdprController.toggleMyAuthorization);
|
||||
router.get('/my-authorization-status', gdprController.getMyAuthorizationStatus);
|
||||
|
||||
export default router;
|
||||
Reference in New Issue
Block a user