rbac outsourced

src/services/rbacManager.js

@@ -104,6 +104,53 @@ class RBACManager {
     );
   }
 
+
+  // =========================================================
+  // 🔐 GLOBAL RBAC MIDDLEWARE (app.use)
+  // =========================================================
+  //
+  // USAGE:
+  // app.get('/admin/users', (req, res) => {
+  //   if (!req.auth.hasPermission([
+  //     { scope: 'USER', action: 'READ', resource: 'USERS' }
+  //   ])) {
+  //     return res.status(403).send('Forbidden');
+  //   }
+
+  //   res.json({ ok: true });
+  // });
+  requirePermissionMiddleware() {
+    return async (req, res, next) => {
+      try {
+
+        // 🔥 wenn noch kein User da ist → Auth Middleware fehlt
+        if (!req.user) {
+          return next(); // oder 401 wenn du streng sein willst
+        }
+
+        const rbac = this.rbac;
+
+        const permissions = req.user.permissions || [];
+        const isSuperAdmin = req.user.isSuperAdmin || false;
+
+        req.auth = {
+          permissions,
+          isSuperAdmin,
+          hasPermission: (required) =>
+            rbac.hasPermission(permissions, required, isSuperAdmin)
+        };
+
+        return next();
+
+        next();
+
+      } catch (err) {
+        console.error('[RBAC MIDDLEWARE ERROR]', err);
+        return res.status(500).json({ message: 'RBAC Fehler' });
+      }
+    };
+  }
+
   normalize(permissions) {
     return permissions.map(p => ({
       scope: p.scope,