bugfix permissions

src/services/rbacManager.js

@@ -1,8 +1,9 @@
-// rbac/RbacService.js
+const jwt = require('jsonwebtoken');
 
 class RBACManager {
-  constructor(databaseModel) {
+  constructor(databaseModel, SECRET_KEY) {
     this.db = databaseModel;
+    this.SECRET_KEY = SECRET_KEY;
   }
 
   async resolvePermissions(objectGuid) {
@@ -128,8 +129,6 @@ class RBACManager {
           return next(); // oder 401 wenn du streng sein willst
         }
 
-        const rbac = this.rbac;
-
         const permissions = req.user.permissions || [];
         const isSuperAdmin = req.user.isSuperAdmin || false;
 
@@ -137,16 +136,12 @@ class RBACManager {
           permissions,
           isSuperAdmin,
           hasPermission: (required) =>
-            rbac.hasPermission(permissions, required, isSuperAdmin)
+            this.hasPermission(permissions, required, isSuperAdmin)
         };
-
-        return next();
-
         next();
 
       } catch (err) {
-        console.error('[RBAC MIDDLEWARE ERROR]', err);
-        return res.status(500).json({ message: 'RBAC Fehler' });
+        return res.status(500).json('[RBAC MIDDLEWARE ERROR]', err);
       }
     };
   }
@@ -168,7 +163,11 @@ class RBACManager {
 
         const publicRoutes = [
           '/login',
-          '/public'
+          '/public',
+          '/css',
+          '/js',
+          '/images',
+          '/favicon.ico'
         ];
 
         const isPublicRoute = publicRoutes.some(route =>
@@ -216,7 +215,6 @@ class RBACManager {
           permissions: normalized,
           isSuperAdmin
         };
-
         next();
 
       } catch (err) {