fixed sidebar and backend for sidebar

2025-08-19 14:00:00 +02:00
parent 298bc81435
commit 06f84cddc4
4 changed files with 28 additions and 10 deletions
--- a/backend/routes/api.js
+++ b/backend/routes/api.js
@@ -7,7 +7,10 @@ const router = express.Router();
 router.post("/login", async (req, res) => {
  const result = await loginFunc(req.body.username, req.body.password);
  if (result.success) {
-    const token = await generateToken({ username: req.body.username });
+    const token = await generateToken({
+      username: result.data.username,
+      role: result.data.role,
+    });
    res.status(200).json({ message: "Login successful", token });
  } else {
    res.status(401).json({ message: "Invalid credentials" });
@@ -15,7 +18,8 @@ router.post("/login", async (req, res) => {
 });

 router.get("/items", authenticate, async (req, res) => {
-  const result = await getItemsFromDatabase();
+  console.log(req);
+  const result = await getItemsFromDatabase(req.user.role);
  if (result.success) {
    res.status(200).json(result.data);
  } else {
--- a/backend/services/database.js
+++ b/backend/services/database.js
@@ -17,14 +17,21 @@ export const loginFunc = async (username, password) => {
    "SELECT * FROM users WHERE username = ? AND password = ?",
    [username, password]
  );
-  if (result.length > 0) return { success: true };
+  if (result.length > 0) return { success: true, data: result[0] };
  return { success: false };
 };

-export const getItemsFromDatabase = async () => {
-  const [result] = await pool.query("SELECT * FROM items");
-  if (result.length > 0) {
-    return { success: true, data: result };
+export const getItemsFromDatabase = async (role) => {
+  const sql =
+    role == 0
+      ? "SELECT * FROM items;"
+      : "SELECT * FROM items WHERE can_borrow_role >= ?";
+  const params = role == 0 ? [] : [role];
+
+  const [rows] = await pool.query(sql, params);
+  if (rows.length > 0) {
+    return { success: true, data: rows };
  }
  return { success: false };
 };
+