import { Request, Response } from 'express'; import prisma from '../lib/prisma.js'; import * as userService from '../services/user.service.js'; import { logChange } from '../services/audit.service.js'; import { ApiResponse } from '../types/index.js'; // Users export async function getUsers(req: Request, res: Response): Promise { try { const { search, isActive, roleId, page, limit } = req.query; const result = await userService.getAllUsers({ search: search as string, isActive: isActive !== undefined ? isActive === 'true' : undefined, roleId: roleId ? parseInt(roleId as string) : undefined, page: page ? parseInt(page as string) : undefined, limit: limit ? parseInt(limit as string) : undefined, }); res.json({ success: true, data: result.users, pagination: result.pagination, } as ApiResponse); } catch (error) { res.status(500).json({ success: false, error: 'Fehler beim Laden der Benutzer', } as ApiResponse); } } export async function getUser(req: Request, res: Response): Promise { try { const user = await userService.getUserById(parseInt(req.params.id)); if (!user) { res.status(404).json({ success: false, error: 'Benutzer nicht gefunden', } as ApiResponse); return; } res.json({ success: true, data: user } as ApiResponse); } catch (error) { res.status(500).json({ success: false, error: 'Fehler beim Laden des Benutzers', } as ApiResponse); } } export async function createUser(req: Request, res: Response): Promise { try { const user = await userService.createUser(req.body); await logChange({ req, action: 'CREATE', resourceType: 'User', resourceId: user.id.toString(), label: `Benutzer ${user.firstName} ${user.lastName} angelegt`, }); res.status(201).json({ success: true, data: user } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Erstellen des Benutzers', } as ApiResponse); } } export async function updateUser(req: Request, res: Response): Promise { try { const userId = parseInt(req.params.id); const data = req.body; // Vorherigen Stand laden für Audit const before = await prisma.user.findUnique({ where: { id: userId } }); const user = await userService.updateUser(userId, data); if (user) { // Audit: Geänderte Felder ermitteln und loggen if (before) { const changes: Record = {}; const fieldLabels: Record = { email: 'E-Mail', firstName: 'Vorname', lastName: 'Nachname', isActive: 'Aktiv', }; for (const [key, newVal] of Object.entries(data)) { if (['id', 'createdAt', 'updatedAt'].includes(key)) continue; const oldVal = (before as any)[key]; const norm = (v: unknown) => (v === null || v === undefined || v === '' ? null : v); if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) { const label = fieldLabels[key] || key; const formatVal = (v: unknown) => { if (v === null || v === undefined || v === '') return '-'; if (typeof v === 'boolean') return v ? 'Ja' : 'Nein'; return String(v); }; changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) }; } } const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von} → ${c.nach}`).join(', '); await logChange({ req, action: 'UPDATE', resourceType: 'User', resourceId: user.id.toString(), label: changeList ? `Benutzer ${user.firstName} ${user.lastName} aktualisiert: ${changeList}` : `Benutzer ${user.firstName} ${user.lastName} aktualisiert`, details: Object.keys(changes).length > 0 ? changes : undefined, }); } else { await logChange({ req, action: 'UPDATE', resourceType: 'User', resourceId: user.id.toString(), label: `Benutzer ${user.firstName} ${user.lastName} aktualisiert`, }); } } res.json({ success: true, data: user } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Aktualisieren des Benutzers', } as ApiResponse); } } export async function deleteUser(req: Request, res: Response): Promise { try { const userId = parseInt(req.params.id); const userBefore = await userService.getUserById(userId); await userService.deleteUser(userId); await logChange({ req, action: 'DELETE', resourceType: 'User', resourceId: userId.toString(), label: `Benutzer ${userBefore?.firstName || ''} ${userBefore?.lastName || ''} gelöscht`, }); res.json({ success: true, message: 'Benutzer gelöscht' } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Löschen des Benutzers', } as ApiResponse); } } // Roles export async function getRoles(req: Request, res: Response): Promise { try { const roles = await userService.getAllRoles(); res.json({ success: true, data: roles } as ApiResponse); } catch (error) { res.status(500).json({ success: false, error: 'Fehler beim Laden der Rollen', } as ApiResponse); } } export async function getRole(req: Request, res: Response): Promise { try { const role = await userService.getRoleById(parseInt(req.params.id)); if (!role) { res.status(404).json({ success: false, error: 'Rolle nicht gefunden', } as ApiResponse); return; } res.json({ success: true, data: role } as ApiResponse); } catch (error) { res.status(500).json({ success: false, error: 'Fehler beim Laden der Rolle', } as ApiResponse); } } export async function createRole(req: Request, res: Response): Promise { try { const role = await userService.createRole(req.body); await logChange({ req, action: 'CREATE', resourceType: 'Role', resourceId: role.id.toString(), label: `Rolle ${role.name} angelegt`, }); res.status(201).json({ success: true, data: role } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Erstellen der Rolle', } as ApiResponse); } } export async function updateRole(req: Request, res: Response): Promise { try { const role = await userService.updateRole(parseInt(req.params.id), req.body); if (role) { await logChange({ req, action: 'UPDATE', resourceType: 'Role', resourceId: role.id.toString(), label: `Rolle ${role.name} aktualisiert`, }); } res.json({ success: true, data: role } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Aktualisieren der Rolle', } as ApiResponse); } } export async function deleteRole(req: Request, res: Response): Promise { try { const roleId = parseInt(req.params.id); const role = await userService.getRoleById(roleId); await userService.deleteRole(roleId); await logChange({ req, action: 'DELETE', resourceType: 'Role', resourceId: roleId.toString(), label: `Rolle ${role?.name || roleId} gelöscht`, }); res.json({ success: true, message: 'Rolle gelöscht' } as ApiResponse); } catch (error) { res.status(400).json({ success: false, error: error instanceof Error ? error.message : 'Fehler beim Löschen der Rolle', } as ApiResponse); } } // Permissions export async function getPermissions(req: Request, res: Response): Promise { try { const permissions = await userService.getAllPermissions(); res.json({ success: true, data: permissions } as ApiResponse); } catch (error) { res.status(500).json({ success: false, error: 'Fehler beim Laden der Berechtigungen', } as ApiResponse); } }