4 files changed, 48 insertions, 5 deletions

diff --git a/src/main/resources/templates/configs.html b/src/main/resources/templates/configs.html
index ebef7ca..2103b0b 100644
--- a/src/main/resources/templates/configs.html
+++ b/src/main/resources/templates/configs.html
@@ -40,6 +40,9 @@
         <section th:insert="~{configs/tokens.html}">
         </section>
 
+        <section th:insert="~{configs/userroles.html}">
+        </section>
+
         <section hx-ext="sse" th:sse-connect="@{/configs/events}">
             <div th:insert="~{configs/connectionAvailable.html}" th:hx-get="@{/configs?connectionAvailable}" hx-trigger="sse:connection-available">
             </div>
diff --git a/src/main/resources/templates/configs/userroles.html b/src/main/resources/templates/configs/userroles.html
new file mode 100644
index 0000000..23cc5f2
--- /dev/null
+++ b/src/main/resources/templates/configs/userroles.html
@@ -0,0 +1,39 @@
+<div th:if="${not userRolesEnabled}">
+    <h2><span>⛔</span> Benutzerberechtigungen</h2>
+    <p>Die Verwendung von rollenbasierten Benutzerberechtigungen ist nicht aktiviert.</p>
+</div>
+
+<div id="userroles" th:if="${userRolesEnabled}">
+    <h2><span>✅</span> Benutzerberechtigungen</h2>
+    <div class="border">
+        <div th:if="${userRoles.isEmpty()}">Noch keine Benutzerberechtigungen vorhanden.</div>
+        <table th:if="${not userRoles.isEmpty()}">
+            <thead>
+                <tr>
+                    <th>Benutzername</th>
+                    <th>Rolle</th>
+                    <th></th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr th:each="userRole : ${userRoles}">
+                    <td>[[ ${userRole.username} ]]</td>
+                    <td>
+                        <div class="userrole-form">
+                            <form th:hx-put="@{/configs/userroles/{id}(id=${userRole.id})}" hx-target="#userroles">
+                                <select name="role">
+                                    <option th:selected="${userRole.role.value == 'guest'}" value="GUEST">Gast</option>
+                                    <option th:selected="${userRole.role.value == 'user'}" value="USER">Benutzer</option>
+                                </select>
+                                <button class="btn btn-blue">Übernehmen</button>
+                            </form>
+                        </div>
+                    </td>
+                    <td>
+                        <button class="btn btn-red" th:hx-delete="@{/configs/userroles/{id}(id=${userRole.id})}" hx-target="#userroles">Löschen</button>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </div>
+</div>
\ No newline at end of file
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index 3951f66..be3123b 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -53,17 +53,17 @@
                         <td th:style="${request.type.value == 'delete'} ? 'color: red;'"><small>[[ ${request.type} ]]</small></td>
                         <td th:if="not ${request.report}">[[ ${request.uuid} ]]</td>
                         <td th:if="${request.report}">
-                            <th:block sec:authorize="not authenticated">[[ ${request.uuid} ]]</th:block>
-                            <a th:href="@{/report/{id}(id=${request.uuid})}" sec:authorize="authenticated">[[ ${request.uuid} ]]</a>
+                            <a th:href="@{/report/{id}(id=${request.uuid})}" sec:authorize="hasRole('USER') or hasRole('ADMIN')">[[ ${request.uuid} ]]</a>
+                            <th:block sec:authorize="not (hasRole('USER') or hasRole('ADMIN'))">[[ ${request.uuid} ]]</th:block>
                         </td>
                         <td><time th:datetime="${request.processedAt}">[[ ${request.processedAt} ]]</time></td>
-                        <td class="patient-id" th:if="${patientId != null}" sec:authorize="authenticated">
+                        <td class="patient-id" th:if="${patientId != null}" sec:authorize="hasRole('USER') or hasRole('ADMIN')">
                             [[ ${request.patientId} ]]
                         </td>
-                        <td class="patient-id" th:if="${patientId == null}" sec:authorize="authenticated">
+                        <td class="patient-id" th:if="${patientId == null}" sec:authorize="hasRole('USER') or hasRole('ADMIN')">
                             <a th:href="@{/patient/{pid}(pid=${request.patientId})}">[[ ${request.patientId} ]]</a>
                         </td>
-                        <td class="patient-id" sec:authorize="not authenticated">***</td>
+                        <td class="patient-id" sec:authorize="not (hasRole('USER') or hasRole('ADMIN'))">***</td>
                     </tr>
                 </tbody>
             </table>
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
index 4ef8ec9..75a3681 100644
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -11,6 +11,7 @@
         <div class="login-form">
             <h2 class="centered">Anmelden</h2>
             <div class="centered notification error" th:if="${param.error}">Anmeldung nicht erfolgreich</div>
+            <div class="centered notification notice" th:if="${param.expired}">Sitzung abgelaufen oder von einem Administrator beendet.</div>
             <div class="centered notification success" th:if="${param.logout}">Sie haben sich abgemeldet</div>
             <form method="post" th:action="@{/login}">
                 <input type="text" id="username" name="username" class="form-control" placeholder="Username" required="" autofocus="" />