bugfix rbac

src/services/authenticationManager.js

@@ -2,6 +2,7 @@ const jwt = require('jsonwebtoken');
 const bcrypt = require('bcryptjs');
 
 class AuthenticationManager {
+
   constructor(model, secretKey) {
     this.Authentication = model;
     this.SECRET_KEY = secretKey;
@@ -113,81 +114,6 @@ class AuthenticationManager {
       return { valid: false, levelId: 4 };
     }
   }
-
-  // =========================================================
-  // 🔥 MIDDLEWARE BLEIBT HIER
-  // =========================================================
-  authenticate() {
-    return async (req, res, next) => {
-
-      try {
-
-        // =====================================================
-        // 🔥 GLOBAL PUBLIC ROUTE BYPASS (ROBUST)
-        // =====================================================
-
-        const url = req.originalUrl.split('?')[0];
-
-        const publicRoutes = [
-          '/login',
-          '/public'
-        ];
-
-        const isPublicRoute = publicRoutes.some(route =>
-          url === route || url.startsWith(route + '/')
-        );
-
-        if (isPublicRoute) {
-          return next();
-        }
-
-        // =====================================================
-        // 🔐 AUTH FLOW
-        // =====================================================
-
-        const sAMAccountName = req.cookies?.sAMAccountName;
-
-        if (!sAMAccountName) {
-          return res.redirect('/login');
-        }
-
-        const user = await this.findUser(sAMAccountName);
-
-        if (!user || !user.active) {
-          return res.redirect('/login');
-        }
-
-        let payload;
-
-        try {
-          payload = jwt.verify(user.refreshtoken, this.SECRET_KEY);
-        } catch {
-          return res.redirect('/login');
-        }
-
-        const rbac = await this.rbac.resolvePermissions(user.ObjectGUID);
-
-        const normalized = this.rbac.normalize(rbac.permissions);
-        const isSuperAdmin = this.rbac.isSuperAdmin(normalized);
-
-        req.user = {
-          ...user.toJSON(),
-          jwt: payload,
-          groups: rbac.groups,
-          roles: rbac.roles,
-          permissions: normalized,
-          isSuperAdmin
-        };
-
-        next();
-
-      } catch (err) {
-        console.error(err);
-        return res.redirect('/login');
-      }
-    };
-  }
-  
 }
 
 module.exports = AuthenticationManager;