new features

2026-03-23 18:43:30 +01:00
parent 202a658b8d
commit 1b13e4f89e
31 changed files with 1022 additions and 517 deletions
--- a/backend/src/controllers/permission.controller.ts
+++ b/backend/src/controllers/permission.controller.ts
@@ -242,6 +242,64 @@ class PermissionController {
      res.status(500).json({ success: false, message: 'Fehler beim Laden der Benutzer' });
    }
  }
+  /**
+   * GET /api/permissions/debug/:userId
+   * Returns debug info for a specific user: their groups, resolved permissions,
+   * and maintenance flags. Admin only.
+   */
+  async debugUser(req: Request, res: Response): Promise<void> {
+    try {
+      const userId = req.params.userId as string;
+
+      // Fetch user's Authentik groups from DB
+      const { pool } = await import('../config/database');
+      const userResult = await pool.query(
+        'SELECT authentik_groups, email, name FROM users WHERE id = $1',
+        [userId]
+      );
+
+      if (userResult.rows.length === 0) {
+        res.status(404).json({ success: false, message: 'Benutzer nicht gefunden' });
+        return;
+      }
+
+      const user = userResult.rows[0];
+      const groups: string[] = user.authentik_groups ?? [];
+      const isAdmin = groups.includes('dashboard_admin');
+
+      // Resolve permissions for those groups
+      let permissions: string[];
+      if (isAdmin) {
+        const matrix = await permissionService.getMatrix();
+        permissions = matrix.permissions.map(p => p.id);
+      } else {
+        permissions = permissionService.getEffectivePermissions(groups);
+      }
+
+      // Maintenance flags
+      const maintenance = permissionService.getMaintenanceFlags();
+      const maintenanceActive = Object.entries(maintenance)
+        .filter(([, active]) => active)
+        .map(([featureGroup]) => featureGroup);
+
+      res.json({
+        success: true,
+        data: {
+          userId,
+          email: user.email,
+          name: user.name,
+          authentikGroups: groups,
+          isAdmin,
+          permissions,
+          maintenance,
+          maintenanceActiveFeatureGroups: maintenanceActive,
+        },
+      });
+    } catch (error) {
+      logger.error('Failed to debug user permissions', { error, userId: req.params.userId });
+      res.status(500).json({ success: false, message: 'Fehler beim Laden der Debug-Informationen' });
+    }
+  }
 }

 export default new PermissionController();