olli 6b5e82cd2e feat(auth): Add hasPermission method for role-based access control
feat(module-registry): Enhance module booting logic for development environment

feat(menu-item-registry): Allow loading of unlicensed plugins in development mode
2025-12-05 15:02:42 +01:00


import { defineStore } from 'pinia';
import { ref, computed } from 'vue';
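/**
 * Pinia store holding the currently signed-in user plus the helpers the UI
 * uses to decide what to render.
 *
 * Security note: all of this runs in the browser and is fed from the
 * `data-user` attribute of `#app`, which a user can edit in their own
 * browser. `hasRole`, `hasPermission` and `isAdmin` are therefore only
 * suitable for showing or hiding UI. Every protected action has to be
 * authorized again by the server (the original author's note says it is;
 * the server side is not visible from this file).
 */
export const useAuthStore = defineStore('auth', () => {
  // null means "nobody signed in"; otherwise the user object from the page.
  const user = ref(null);

  const isAuthenticated = computed(() => user.value !== null);

  /**
   * Display name: `fullName` when present, otherwise the available parts of
   * first and last name. Missing parts are skipped so the result never
   * contains the literal text "undefined".
   */
  const fullName = computed(() => {
    const current = user.value;
    if (!current) return '';
    if (current.fullName) return current.fullName;
    return [current.firstName, current.lastName].filter(Boolean).join(' ');
  });

  /**
   * @param {string} role - role name, e.g. 'ROLE_ADMIN'
   * @returns {boolean} true only if the user has a `roles` array that
   *   contains `role`; always a real boolean, never undefined.
   */
  const hasRole = (role) => {
    const current = user.value;
    if (!current) return false;
    // Require an actual array: a string would turn includes() into a
    // substring match and anything else would throw.
    return Array.isArray(current.roles) && current.roles.includes(role);
  };

  /**
   * UI-only permission check (see the security note on the store).
   *
   * @param {string} permission - "module.action", e.g. "billing.view".
   *   Only the first two dot-separated parts are read.
   * @returns {boolean} true for admins, or when the user's
   *   `modulePermissions[module]` array contains `action`. Anything
   *   malformed or missing yields false (fail closed).
   */
  const hasPermission = (permission) => {
    if (!user.value) return false;

    // An admin always has every permission.
    if (hasRole('ROLE_ADMIN')) return true;

    if (typeof permission !== 'string') return false;
    const [module, action] = permission.split('.');
    if (!module || !action) return false;

    const granted = user.value.modulePermissions;
    if (!granted || typeof granted !== 'object') return false;

    // Own-property lookup only: a module name such as "constructor" must not
    // resolve to something inherited from Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(granted, module)) return false;

    const modulePerms = granted[module];
    return Array.isArray(modulePerms) && modulePerms.includes(action);
  };

  const isAdmin = computed(() => hasRole('ROLE_ADMIN'));

  /**
   * Loads the user from the JSON in `data-user` on the `#app` element.
   * Leaves the store untouched when the element or attribute is missing,
   * the JSON is invalid, or the parsed value is not a plain object.
   */
  const initializeFromElement = () => {
    const appElement = document.getElementById('app');
    if (!appElement || !appElement.dataset.user) return;

    try {
      const userData = JSON.parse(appElement.dataset.user);
      // Accept only an object; a bare string, number or array would make the
      // role and permission helpers misbehave later.
      if (userData && typeof userData === 'object' && !Array.isArray(userData)) {
        user.value = userData;
      }
    } catch (error) {
      console.error('Error parsing user data:', error);
    }
  };

  /**
   * Sends the browser to the logout route. The session itself is ended by
   * the server; nothing is cleared locally because the navigation reloads
   * the page.
   * NOTE(review): this is a plain GET navigation; whether the server
   * protects /logout against being triggered cross-site is not visible
   * here. Confirm on the backend.
   */
  const logout = async () => {
    window.location.href = '/logout';
  };

  return {
    user,
    isAuthenticated,
    fullName,
    hasRole,
    hasPermission,
    isAdmin,
    initializeFromElement,
    logout
  };
});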