feat: add user role management (admin/partner/gesperrt) with login block
All checks were successful
Staging Build / build (push) Successful in 2m44s

This commit is contained in:
DanielS
2026-06-24 14:26:25 +02:00
parent 26de6820e3
commit cd04309e3e
5 changed files with 103 additions and 33 deletions

View File

@@ -49,6 +49,9 @@ export async function signIn(email: string, password: string) {
if (userError || !userData || (userData.role !== 'partner' && userData.role !== 'admin')) {
await supabase.auth.signOut()
if (userData?.role === 'gesperrt') {
return { success: false, error: "Ihr Konto wurde gesperrt. Bitte wenden Sie sich an den Administrator." }
}
return { success: false, error: "Zugriff verweigert. Nur registrierte Partner dürfen sich anmelden." }
}

View File

@@ -54,6 +54,15 @@ export async function deleteUser(id: string) {
revalidatePath('/admin/users')
}
export async function updateUserRole(id: string, role: 'admin' | 'partner' | 'gesperrt') {
const admin = createAdminClient()
const { error } = await admin
.from('users')
.upsert({ id, role }, { onConflict: 'id' })
if (error) throw error
revalidatePath('/admin/users')
}
export async function updateUserStatus(id: string, ban: boolean) {
const admin = createAdminClient()
const { error } = await admin.auth.admin.updateUserById(id, {

View File

@@ -84,6 +84,28 @@ export async function updateSession(request: NextRequest) {
}
}
// Gesperrte Benutzer sofort ausloggen
if (
user?.sub &&
!request.nextUrl.pathname.startsWith("/auth")
) {
const { data: dbUser } = await supabase
.from("users")
.select("role")
.eq("id", user.sub)
.single();
if (dbUser?.role === "gesperrt") {
const url = request.nextUrl.clone();
url.pathname = "/auth/login";
url.searchParams.set("error", "gesperrt");
// Clear cookie so the session is fully gone
const response = NextResponse.redirect(url);
response.cookies.delete("webshop-auth-token");
return response;
}
}
// IMPORTANT: You *must* return the supabaseResponse object as it is.
// If you're creating a new response object with NextResponse.next() make sure to:
// 1. Pass the request in it, like so: