From d1bb95c2a8875e3eeada34632426df743f4f7bd6 Mon Sep 17 00:00:00 2001
From: "theis.gaedigk"
Date: Thu, 24 Jul 2025 11:30:00 +0200
Subject: [PATCH] added Function to recognise the frontend if the logged in user is an admin or not.
---
 backend/server.js | 8 +++-----
 backend/services/database.js | 11 ++++-------
 frontend_admin/src/components/LoginCard.tsx | 2 ++
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/backend/server.js b/backend/server.js
index 5c3f294..8b4a3ed 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -36,11 +36,9 @@ app.post("/api/login", async (req, res) => {
 ...result,
 });
 } else if (result.success && result.user.role === "user") {
- // PROBLEM BELOW DOESNT WORK
- // FIX LATER
- res.redirect("http://localhost:5003");
+ res.status(403).json(result, { message: "You are not an Admin!" }); // Event Handler is in LoginCard.tsx - there is defined what happens when the status is 403
 } else {
- res.status(401).json(result, { message: "Invalid credentials" });
+ res.status(401).json(result, { message: "Invalid credentials" }); // Event Handler is in LoginCard.tsx - there is defined what happens when the status is 401
 }
 } catch (err) {
 console.error("Error logging in:", err);
@@ -117,7 +115,7 @@ app.post("/api/updateUser", authenticate, async (req, res) => {
 });
 console.log("User updated successfully");
 }
-})
+});
 app.listen(port, () => {
 console.log(`Express backend server is running at http://localhost:${port}`);
diff --git a/backend/services/database.js b/backend/services/database.js
index 52266cc..5bb7425 100644
--- a/backend/services/database.js
+++ b/backend/services/database.js
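Review bot: In backend/server.js, the new 403 branch of /api/login calls `res.status(403).json(result, { message: "You are not an Admin!" })`, and `result` at that point is the successful login object, whose `user` becomes the full database row under the database.js change in this same patch, so a non-admin login gets every column of its record back in the response body. `res.json` is documented with a single body argument, so the second object is not merged into the payload; how the extra argument is treated depends on the Express version, which is not visible here. I would send only what the client needs, `res.status(403).json({ success: false, message: "You are not an Admin!" });`, and give the 401 line the same single-object shape. The handler's body starts and ends outside the hunk.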
@@ -22,9 +22,9 @@ export async function loginUser(username, password) {
 );
 // If a user is found, return success and user data
- if (result.length > 0 && result[0].role === "admin") {
- console.log("User found: ", result[0].username, " ", result[0].id);
- return { success: true, user: result[0] };
+ if (result.length > 0) {
+ console.log("User found: ", result[0]);
+ return { success: true, user: result[0] }; // result[0] contains ALL of the user data
 } else {
 // If no user is found, return failure message
 console.error(`Invalid username or password!; ${result[0]}`);
@@ -99,10 +99,7 @@ export async function updateUser(
 export async function deleteUser(id) {
 try {
 // Delete user based on username and password
- const [result] = await pool.query(
- "DELETE FROM users WHERE id = ?",
- [id]
- );
+ const [result] = await pool.query("DELETE FROM users WHERE id = ?", [id]);
 const resultOfquery = result.affectedRows;
 // If a user was deleted, return success
diff --git a/frontend_admin/src/components/LoginCard.tsx b/frontend_admin/src/components/LoginCard.tsx
index ed091b8..7e9b748 100644
--- a/frontend_admin/src/components/LoginCard.tsx
+++ b/frontend_admin/src/components/LoginCard.tsx
@@ -50,6 +50,8 @@ const LoginCard: React.FC = ({ onClose }) => {
 document.location.reload();
 } else if (response.status === 401) {
 alert("Invalid credentials");
+ } else if (response.status === 403) {
+ alert("You are not an Admin!");
 }
 })
 .catch((error) => {
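Review bot: In loginUser (backend/services/database.js), `console.log("User found: ", result[0]);` now writes the whole user row to the server log where the old line logged only the username and id; if the users table holds a password or hash column (the query and schema are outside the hunk), that value ends up in the logs. The same row is returned as `user`, and with the `role === "admin"` test removed here every caller of loginUser has to enforce the role itself; only the /api/login handler is visible in this patch. I would keep the narrow log line and return a trimmed object, `const { id, username, role } = result[0];` followed by `return { success: true, user: { id, username, role } };`. The function starts and ends outside the hunk.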
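Review bot: The status chain in LoginCard.tsx still closes right after the new 403 branch with no final `else`, so any other failure status, for example whatever the server's `catch` block sends, leaves the user with no feedback. A closing `else { alert("Login failed"); }` would cover that. The alert is presentation only; the refusal that counts is the 403 from the server, so routes behind `authenticate` need their own role check, which this patch does not show. The fetch call and the start of the chain are outside the hunk.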