rights system

backend/src/routes/member.routes.ts

@@ -17,49 +17,49 @@ router.use(authenticate);
 // "stats" as a userId parameter.
 router.get(
   '/stats',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getMemberStats.bind(memberController)
 );
 
 router.get(
   '/',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getMembers.bind(memberController)
 );
 
 router.get(
   '/:userId',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getMemberById.bind(memberController)
 );
 
 router.post(
   '/:userId/profile',
-  requirePermission('members:write'),
+  requirePermission('mitglieder:edit'),
   memberController.createMemberProfile.bind(memberController)
 );
 
 router.get(
   '/:userId/befoerderungen',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getBefoerderungen.bind(memberController)
 );
 
 router.get(
   '/:userId/untersuchungen',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getUntersuchungen.bind(memberController)
 );
 
 router.get(
   '/:userId/fahrgenehmigungen',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getFahrgenehmigungen.bind(memberController)
 );
 
 router.get(
   '/:userId/ausbildungen',
-  requirePermission('members:read'),
+  requirePermission('mitglieder:view'),
   memberController.getAusbildungen.bind(memberController)
 );
 
@@ -76,7 +76,7 @@ const requireOwnerOrWrite = (req: Request, res: Response, next: NextFunction): v
     return;
   }
   // Not the owner — must have members:write permission
-  requirePermission('members:write')(req, res, next);
+  requirePermission('mitglieder:edit')(req, res, next);
 };
 
 /**