From 03ea3edb8b86a4cc886988daa30cbc930d410b4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jesko=20Ansch=C3=BCtz?= <jesko@linuxmuster.net>
Date: Fri, 27 Mar 2026 21:34:21 +0100
Subject: [PATCH] =?UTF-8?q?feat(handler):=20HandleCreateScreenUser=20liest?=
 =?UTF-8?q?=20role;=20UserRole=20ans=20Template=20=C3=BCbergeben?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 server/backend/internal/httpapi/manage/ui.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/server/backend/internal/httpapi/manage/ui.go b/server/backend/internal/httpapi/manage/ui.go
index cc4daf0..287d033 100644
--- a/server/backend/internal/httpapi/manage/ui.go
+++ b/server/backend/internal/httpapi/manage/ui.go
@@ -201,7 +201,7 @@ func HandleAdminUI(tenants *store.TenantStore, screens *store.ScreenStore, auth
 	}
 }
 
-// HandleCreateScreenUser creates a new screen_user for the default tenant.
+// HandleCreateScreenUser creates a new screen user (role: screen_user or restricted) for the default tenant.
 func HandleCreateScreenUser(auth *store.AuthStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if err := r.ParseForm(); err != nil {
@@ -215,12 +215,17 @@ func HandleCreateScreenUser(auth *store.AuthStore) http.HandlerFunc {
 			return
 		}
 
+		role := r.FormValue("role")
+		if role != "screen_user" && role != "restricted" {
+			role = "screen_user"
+		}
+
 		tenantSlug := "morz"
 		if u := reqcontext.UserFromContext(r.Context()); u != nil && u.TenantSlug != "" {
 			tenantSlug = u.TenantSlug
 		}
 
-		_, err := auth.CreateScreenUser(r.Context(), tenantSlug, username, password)
+		_, err := auth.CreateScreenUser(r.Context(), tenantSlug, username, password, role)
 		if err != nil {
 			slog.Error("create screen user failed", "event", "create_screen_user_failed",
 				"tenant_slug", tenantSlug, "username", username, "err", err)
@@ -337,6 +342,7 @@ func HandleScreenOverview(screens *store.ScreenStore, schedules *store.ScreenSch
 			"Cards":          cards,
 			"CSRFToken":      csrfToken,
 			"GlobalOverride": activeOverride,
+			"UserRole":       u.Role,
 		})
 	}
 }
@@ -450,6 +456,11 @@ func HandleManageUI(
 			serverTimezone = time.Now().Location().String()
 		}
 
+		userRole := ""
+		if u := reqcontext.UserFromContext(r.Context()); u != nil {
+			userRole = u.Role
+		}
+
 		renderTemplate(w, t, map[string]any{
 			"Screen":            screen,
 			"Tenant":            tenant,
@@ -465,6 +476,7 @@ func HandleManageUI(
 			"CSRFToken":         csrfToken,
 			"DisplayState":      displayState,
 			"Schedule":          schedule,
+			"UserRole":          userRole,
 		})
 	}
 }