From 644ae8c0a858230f422bb47eae36764393743caf Mon Sep 17 00:00:00 2001
From: Alexander Borg
Date: Tue, 16 Sep 2025 06:26:27 +0200
Subject: [PATCH] Fix jwt-token
---
 server/middleware/rbac.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/server/middleware/rbac.js b/server/middleware/rbac.js
index 136074c..7388124 100644
--- a/server/middleware/rbac.js
+++ b/server/middleware/rbac.js
@@ -240,10 +240,17 @@ const getRoles = () => {
 */
 const requirePermission = (resource, action) => {
 return (req, res, next) => {
- if (!req.user || !req.user.role) {
+ if (!req.user) {
 return res.status(401).json({
 success: false,
- message: 'Authentication required'
+ message: 'User not authenticated'
+ });
+ }
+
+ if (!req.user.role) {
+ return res.status(403).json({
+ success: false,
+ message: 'Insufficient permissions'
 });
 }
@@ -253,9 +260,7 @@ const requirePermission = (resource, action) => {
 if (!hasRequiredPermission) {
 return res.status(403).json({
 success: false,
- message: 'Insufficient permissions',
- required_permission: `${resource}.${action}`,
- user_role: userRole
+ message: 'Insufficient permissions'
 });
 }
@@ -337,7 +342,6 @@ module.exports = {
 getPermissions,
 getRoles,
 requirePermission,
- requirePermission,
 requirePermissions,
 requireAnyPermission
 };
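Review bot: The two 403 branches deny the request without leaving any server-side record of what was refused: the new `if (!req.user.role)` branch in the first hunk and the `if (!hasRequiredPermission)` branch in the second hunk both return only the generic body. Dropping `required_permission` and `user_role` from the response is right for clients, but that same detail is what an operator needs to notice repeated denials or an authenticated user arriving with no role, which probably indicates a malformed or mis-issued token. I would log it on the server before returning, for example `console.warn('rbac: permission denied', { resource, action, role: req.user.role });`, or the equivalent call on the project's own logger if it has one. The body of requirePermission continues outside both hunks, so a log call may already exist there; worth confirming before adding one.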