From 29f405385e1059e633d3a81348abcef4fb382c12 Mon Sep 17 00:00:00 2001
From: Alex <$(pass /github/email)>
Date: Sun, 2 Mar 2025 10:27:56 +0100
Subject: [PATCH] implemented permission system

---
 frontend/src/lib/components/Header.svelte     |   4 +-
 .../src/lib/components/UserEditForm.svelte    | 281 +++++++++---------
 .../src/routes/auth/about/[id]/+page.svelte   |   4 +-
 .../routes/auth/admin/users/+page.server.js   |   6 +-
 .../src/routes/auth/admin/users/+page.svelte  | 163 ++++++++--
 go-backend/internal/constants/constants.go    |  20 +-
 6 files changed, 311 insertions(+), 167 deletions(-)

diff --git a/frontend/src/lib/components/Header.svelte b/frontend/src/lib/components/Header.svelte
index f5faa92..756d0a0 100644
--- a/frontend/src/lib/components/Header.svelte
+++ b/frontend/src/lib/components/Header.svelte
@@ -5,6 +5,8 @@
 	import { page } from '$app/stores';
 	import { t } from 'svelte-i18n';
 	import { writable } from 'svelte/store';
+	import { PERMISSIONS } from '$lib/utils/constants';
+	import { hasPrivilige } from '$lib/utils/helpers';
 
 	let isMobileMenuOpen = false;
 
@@ -104,7 +106,7 @@
 						{$page.data.user.last_name}
 					</a>
 				</div>
-				{#if $page.data.user.role_id > 0}
+				{#if hasPrivilige($page.data.user, PERMISSIONS.View)}
 					<div
 						class="header-nav-item"
 						class:active={$page.url.pathname.startsWith(`${base}/auth/admin/users`)}
diff --git a/frontend/src/lib/components/UserEditForm.svelte b/frontend/src/lib/components/UserEditForm.svelte
index efd50cc..5a954a8 100644
--- a/frontend/src/lib/components/UserEditForm.svelte
+++ b/frontend/src/lib/components/UserEditForm.svelte
@@ -3,8 +3,9 @@
 	import SmallLoader from '$lib/components/SmallLoader.svelte';
 	import { createEventDispatcher } from 'svelte';
 	import { applyAction, enhance } from '$app/forms';
-	import { receive, send } from '$lib/utils/helpers';
+	import { hasPrivilige, receive, send } from '$lib/utils/helpers';
 	import { t } from 'svelte-i18n';
+	import { PERMISSIONS } from '$lib/utils/constants';
 
 	/** @type {import('../../routes/auth/about/[id]/$types').ActionData} */
 	export let form;
@@ -29,7 +30,7 @@
 		profile_picture: '',
 		payment_status: 0,
 		status: 1,
-		role_id: 0,
+		role_id: 1,
 		membership: {
 			id: 0,
 			start_date: '',
@@ -70,12 +71,14 @@
 	/** @type {App.Locals['user'] | null} */
 	export let user;
 
-	/** @type {Number} */
-	export let role_id;
+	/** @type {App.Locals['user']} */
+	export let editor;
 
 	/** @type {App.Locals['user'] } */
 	let localUser;
 
+	let readonlyUser = !hasPrivilige(editor, PERMISSIONS.Update);
+
 	$: {
 		if (user !== undefined && !localUser) {
 			localUser =
@@ -106,8 +109,9 @@
 	const userRoleOptions = [
 		{ value: 0, label: $t('userRole.0'), color: '--subtext1' }, // Grey for "Nicht verifiziert"
 		{ value: 1, label: $t('userRole.1'), color: '--light-green' }, // Light green for "Verifiziert"
-		{ value: 4, label: $t('userRole.4'), color: '--green' }, // Green for "Aktiv"
-		{ value: 8, label: $t('userRole.8'), color: '--pink' } // Pink for "Passiv"
+		{ value: 2, label: $t('userRole.2'), color: '--green' }, // Light green for "Verifiziert"
+		{ value: 4, label: $t('userRole.4'), color: '--pink' }, // Green for "Aktiv"
+		{ value: 8, label: $t('userRole.8'), color: '--red' } // Pink for "Passiv"
 	];
 	const membershipStatusOptions = [
 		{ value: 3, label: $t('userStatus.3'), color: '--green' }, // Green for "Aktiv"
@@ -232,9 +236,9 @@
 				label={$t('status')}
 				bind:value={localUser.status}
 				options={userStatusOptions}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
-			{#if role_id === 8}
+			{#if hasPrivilige(editor, PERMISSIONS.Super)}
 				<InputField
 					name="user[role_id]"
 					type="select"
@@ -243,29 +247,31 @@
 					options={userRoleOptions}
 				/>
 			{/if}
-			<InputField
-				name="user[password]"
-				type="password"
-				label={$t('password')}
-				placeholder={$t('placeholder.password')}
-				bind:value={password}
-				otherPasswordValue={confirm_password}
-			/>
-			<InputField
-				name="confirm_password"
-				type="password"
-				label={$t('confirm_password')}
-				placeholder={$t('placeholder.password')}
-				bind:value={confirm_password}
-				otherPasswordValue={password}
-			/>
+			{#if hasPrivilige(localUser, PERMISSIONS.Member)}
+				<InputField
+					name="user[password]"
+					type="password"
+					label={$t('password')}
+					placeholder={$t('placeholder.password')}
+					bind:value={password}
+					otherPasswordValue={confirm_password}
+				/>
+				<InputField
+					name="confirm_password"
+					type="password"
+					label={$t('confirm_password')}
+					placeholder={$t('placeholder.password')}
+					bind:value={confirm_password}
+					otherPasswordValue={password}
+				/>
+			{/if}
 			<InputField
 				name="user[first_name]"
 				label={$t('user.first_name')}
 				bind:value={localUser.first_name}
 				placeholder={$t('placeholder.first_name')}
 				required={true}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<InputField
 				name="user[last_name]"
@@ -273,7 +279,7 @@
 				bind:value={localUser.last_name}
 				placeholder={$t('placeholder.last_name')}
 				required={true}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<InputField
 				name="user[company]"
@@ -296,14 +302,16 @@
 				bind:value={localUser.phone}
 				placeholder={$t('placeholder.phone')}
 			/>
-			<InputField
-				name="user[dateofbirth]"
-				type="date"
-				label={$t('user.dateofbirth')}
-				bind:value={localUser.dateofbirth}
-				placeholder={$t('placeholder.dateofbirth')}
-				readonly={role_id === 0}
-			/>
+			{#if hasPrivilige(localUser, PERMISSIONS.Member)}
+				<InputField
+					name="user[dateofbirth]"
+					type="date"
+					label={$t('user.dateofbirth')}
+					bind:value={localUser.dateofbirth}
+					placeholder={$t('placeholder.dateofbirth')}
+					readonly={readonlyUser}
+				/>
+			{/if}
 			<InputField
 				name="user[address]"
 				label={$t('address')}
@@ -322,7 +330,7 @@
 				bind:value={localUser.city}
 				placeholder={$t('placeholder.city')}
 			/>
-			{#if role_id > 0}
+			{#if !readonlyUser}
 				<InputField
 					name="user[notes]"
 					type="textarea"
@@ -335,77 +343,80 @@
 				/>
 			{/if}
 		</div>
-		<div class="tab-content" style="display: {activeTab === 'licence' ? 'block' : 'none'}">
-			<InputField
-				name="user[licence][status]"
-				type="select"
-				label={$t('status')}
-				bind:value={localUser.licence.status}
-				options={licenceStatusOptions}
-				readonly={role_id === 0}
-			/>
-			<InputField
-				name="user[licence][number]"
-				type="text"
-				label={$t('licence_number')}
-				bind:value={localUser.licence.number}
-				placeholder={$t('placeholder.licence_number')}
-				toUpperCase={true}
-				readonly={role_id === 0}
-			/>
-			<InputField
-				name="user[licence][issued_date]"
-				type="date"
-				label={$t('issued_date')}
-				bind:value={localUser.licence.issued_date}
-				placeholder={$t('placeholder.issued_date')}
-				readonly={role_id === 0}
-			/>
-			<InputField
-				name="user[licence][expiration_date]"
-				type="date"
-				label={$t('expiration_date')}
-				bind:value={localUser.licence.expiration_date}
-				placeholder={$t('placeholder.expiration_date')}
-				readonly={role_id === 0}
-			/>
-			<InputField
-				name="user[licence][country]"
-				label={$t('country')}
-				bind:value={localUser.licence.country}
-				placeholder={$t('placeholder.issuing_country')}
-				readonly={role_id === 0}
-			/>
-			<div class="licence-categories">
-				<h3>{$t('licence_categories')}</h3>
-				<div class="checkbox-grid">
-					{#each Object.entries(groupedCategories) as [, categories], groupIndex}
-						{#if groupIndex > 0}
-							<div class="category-break"></div>
-						{/if}
-						{#each categories as category}
-							<div class="checkbox-item">
-								<div class="checkbox-label-container">
-									<InputField
-										type="checkbox"
-										name="user[licence][categories][]"
-										value={JSON.stringify(category)}
-										label={category.category}
-										checked={localUser.licence.categories != null &&
-											localUser.licence.categories.some(
-												(cat) => cat.category === category.category
-											)}
-									/>
+
+		{#if hasPrivilige(localUser, PERMISSIONS.Member)}
+			<div class="tab-content" style="display: {activeTab === 'licence' ? 'block' : 'none'}">
+				<InputField
+					name="user[licence][status]"
+					type="select"
+					label={$t('status')}
+					bind:value={localUser.licence.status}
+					options={licenceStatusOptions}
+					readonly={readonlyUser}
+				/>
+				<InputField
+					name="user[licence][number]"
+					type="text"
+					label={$t('licence_number')}
+					bind:value={localUser.licence.number}
+					placeholder={$t('placeholder.licence_number')}
+					toUpperCase={true}
+					readonly={readonlyUser}
+				/>
+				<InputField
+					name="user[licence][issued_date]"
+					type="date"
+					label={$t('issued_date')}
+					bind:value={localUser.licence.issued_date}
+					placeholder={$t('placeholder.issued_date')}
+					readonly={readonlyUser}
+				/>
+				<InputField
+					name="user[licence][expiration_date]"
+					type="date"
+					label={$t('expiration_date')}
+					bind:value={localUser.licence.expiration_date}
+					placeholder={$t('placeholder.expiration_date')}
+					readonly={readonlyUser}
+				/>
+				<InputField
+					name="user[licence][country]"
+					label={$t('country')}
+					bind:value={localUser.licence.country}
+					placeholder={$t('placeholder.issuing_country')}
+					readonly={readonlyUser}
+				/>
+				<div class="licence-categories">
+					<h3>{$t('licence_categories')}</h3>
+					<div class="checkbox-grid">
+						{#each Object.entries(groupedCategories) as [, categories], groupIndex}
+							{#if groupIndex > 0}
+								<div class="category-break"></div>
+							{/if}
+							{#each categories as category}
+								<div class="checkbox-item">
+									<div class="checkbox-label-container">
+										<InputField
+											type="checkbox"
+											name="user[licence][categories][]"
+											value={JSON.stringify(category)}
+											label={category.category}
+											checked={localUser.licence.categories != null &&
+												localUser.licence.categories.some(
+													(cat) => cat.category === category.category
+												)}
+										/>
+									</div>
+									<span class="checkbox-description">
+										{$t(`licenceCategory.${category.category}`)}
+									</span>
 								</div>
-								<span class="checkbox-description">
-									{$t(`licenceCategory.${category.category}`)}
-								</span>
-							</div>
+							{/each}
 						{/each}
-					{/each}
+					</div>
 				</div>
 			</div>
-		</div>
+		{/if}
 		<div class="tab-content" style="display: {activeTab === 'membership' ? 'block' : 'none'}">
 			<InputField
 				name="user[membership][status]"
@@ -413,7 +424,7 @@
 				label={$t('status')}
 				bind:value={localUser.membership.status}
 				options={membershipStatusOptions}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<InputField
 				name="user[membership][subscription_model][name]"
@@ -421,31 +432,33 @@
 				label={$t('subscription.subscription')}
 				bind:value={localUser.membership.subscription_model.name}
 				options={subscriptionModelOptions}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<div class="subscription-info">
-				<div class="subscription-column">
-					<p>
-						<strong>{$t('subscription.monthly_fee')}:</strong>
-						{selectedSubscriptionModel?.monthly_fee || '-'} €
-					</p>
-					<p>
-						<strong>{$t('subscription.hourly_rate')}:</strong>
-						{selectedSubscriptionModel?.hourly_rate || '-'} €
-					</p>
-					{#if selectedSubscriptionModel?.included_hours_per_year}
+				{#if hasPrivilige(editor, PERMISSIONS.Member)}
+					<div class="subscription-column">
 						<p>
-							<strong>{$t('subscription.included_hours_per_year')}:</strong>
-							{selectedSubscriptionModel?.included_hours_per_year}
+							<strong>{$t('subscription.monthly_fee')}:</strong>
+							{selectedSubscriptionModel?.monthly_fee || '-'} €
 						</p>
-					{/if}
-					{#if selectedSubscriptionModel?.included_hours_per_month}
 						<p>
-							<strong>{$t('subscription.included_hours_per_month')}:</strong>
-							{selectedSubscriptionModel?.included_hours_per_month}
+							<strong>{$t('subscription.hourly_rate')}:</strong>
+							{selectedSubscriptionModel?.hourly_rate || '-'} €
 						</p>
-					{/if}
-				</div>
+						{#if selectedSubscriptionModel?.included_hours_per_year}
+							<p>
+								<strong>{$t('subscription.included_hours_per_year')}:</strong>
+								{selectedSubscriptionModel?.included_hours_per_year}
+							</p>
+						{/if}
+						{#if selectedSubscriptionModel?.included_hours_per_month}
+							<p>
+								<strong>{$t('subscription.included_hours_per_month')}:</strong>
+								{selectedSubscriptionModel?.included_hours_per_month}
+							</p>
+						{/if}
+					</div>
+				{/if}
 				<div class="subscription-column">
 					<p>
 						<strong>{$t('details')}:</strong>
@@ -465,7 +478,7 @@
 				label={$t('start')}
 				bind:value={localUser.membership.start_date}
 				placeholder={$t('placeholder.start_date')}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<InputField
 				name="user[membership][end_date]"
@@ -473,16 +486,18 @@
 				label={$t('end')}
 				bind:value={localUser.membership.end_date}
 				placeholder={$t('placeholder.end_date')}
-				readonly={role_id === 0}
-			/>
-			<InputField
-				name="user[membership][parent_member_id]"
-				type="number"
-				label={$t('parent_member_id')}
-				bind:value={localUser.membership.parent_member_id}
-				placeholder={$t('placeholder.parent_member_id')}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
+			{#if hasPrivilige(editor, PERMISSIONS.Member)}
+				<InputField
+					name="user[membership][parent_member_id]"
+					type="number"
+					label={$t('parent_member_id')}
+					bind:value={localUser.membership.parent_member_id}
+					placeholder={$t('placeholder.parent_member_id')}
+					readonly={readonlyUser}
+				/>
+			{/if}
 		</div>
 		<div class="tab-content" style="display: {activeTab === 'bankaccount' ? 'block' : 'none'}">
 			<InputField
@@ -516,7 +531,7 @@
 				label={$t('mandate_reference')}
 				bind:value={localUser.bank_account.mandate_reference}
 				placeholder={$t('placeholder.mandate_reference')}
-				readonly={role_id === 0}
+				readonly={readonlyUser}
 			/>
 			<InputField
 				name="user[bank_account][mandate_date_signed]"
diff --git a/frontend/src/routes/auth/about/[id]/+page.svelte b/frontend/src/routes/auth/about/[id]/+page.svelte
index 7b680c0..8fb3b17 100644
--- a/frontend/src/routes/auth/about/[id]/+page.svelte
+++ b/frontend/src/routes/auth/about/[id]/+page.svelte
@@ -36,7 +36,7 @@
 							default: 'unknown status'
 						})}</span
 					>
-					<span>{$t(`userRole.${user.role_id}`, { default: 'unknown role' })}</span>
+					<span>{$t(`userRole.${user.role_id}`, { default: 'unknown' })}</span>
 				</span>
 			</h3>
 		{/if}
@@ -93,7 +93,7 @@
 			{licence_categories}
 			on:close={close}
 			on:cancel={close}
-			role_id={user.role_id}
+			editor={user}
 		/>
 	</Modal>
 {/if}
diff --git a/frontend/src/routes/auth/admin/users/+page.server.js b/frontend/src/routes/auth/admin/users/+page.server.js
index d125d38..15d06b1 100644
--- a/frontend/src/routes/auth/admin/users/+page.server.js
+++ b/frontend/src/routes/auth/admin/users/+page.server.js
@@ -2,8 +2,8 @@
 // - Implement a load function to fetch a list of all users.
 // - Create actions for updating user information (similar to the about/[id] route).
 
-import { BASE_API_URI } from '$lib/utils/constants';
-import { formatError, userDatesFromRFC3339 } from '$lib/utils/helpers';
+import { BASE_API_URI, PERMISSIONS } from '$lib/utils/constants';
+import { formatError, hasPrivilige, userDatesFromRFC3339 } from '$lib/utils/helpers';
 import { fail, redirect } from '@sveltejs/kit';
 import {
 	formDataToObject,
@@ -18,7 +18,7 @@ export async function load({ locals }) {
 	if (!locals.user) {
 		throw redirect(302, `${base}/auth/login?next=${base}/auth/admin/users`);
 	}
-	if (locals.user.role_id === 0) {
+	if (!hasPrivilige(locals.user, PERMISSIONS.View)) {
 		throw redirect(302, `${base}/auth/about/${locals.user.id}`);
 	}
 }
diff --git a/frontend/src/routes/auth/admin/users/+page.svelte b/frontend/src/routes/auth/admin/users/+page.svelte
index 5ecd009..dfcda3d 100644
--- a/frontend/src/routes/auth/admin/users/+page.svelte
+++ b/frontend/src/routes/auth/admin/users/+page.svelte
@@ -6,7 +6,8 @@
 	import { t } from 'svelte-i18n';
 	import { page } from '$app/stores';
 	import { applyAction, enhance } from '$app/forms';
-	import { receive, send } from '$lib/utils/helpers';
+	import { hasPrivilige, receive, send } from '$lib/utils/helpers';
+	import { PERMISSIONS } from '$lib/utils/constants';
 
 	/** @type {import('./$types').ActionData} */
 	export let form;
@@ -19,7 +20,7 @@
 		payments = []
 	} = $page.data);
 
-	let activeSection = 'users';
+	let activeSection = 'members';
 	/** @type{App.Locals['user'] | null} */
 	let selectedUser = null;
 	/** @type{App.Types['subscription'] | null} */
@@ -28,9 +29,21 @@
 	let showUserModal = false;
 	let searchTerm = '';
 
-	$: filteredUsers = searchTerm ? getFilteredUsers() : users;
+	$: members = users.filter((/** @type{App.Locals['user']} */ user) => {
+		return user.role_id >= PERMISSIONS.Member;
+	});
+	$: supporters = users.filter((/** @type{App.Locals['user']} */ user) => {
+		return user.role_id < PERMISSIONS.Member;
+	});
+	$: filteredMembers = searchTerm ? getFilteredUsers(members) : members;
 
-	function handleMailButtonClick() {
+	$: filteredSupporters = searchTerm ? getFilteredUsers(supporters) : supporters;
+
+	/**
+	 * Handles Mail button click to open a formatted mailto link
+	 * @param {App.Locals['user'][]} filteredUsers - the users to send the mail to
+	 */
+	function handleMailButtonClick(filteredUsers) {
 		const subject = 'Important Announcement';
 		const body = `Hello everyone,\n\nThis is an important message.`;
 		const bccEmails = filteredUsers
@@ -43,14 +56,15 @@
 	}
 
 	/**
-	 * returns a set of users depending on the entered search query
+	 * returns a set of members depending on the entered search query
+	 * @param {App.Locals['user'][]} userSet Set to filter
 	 * @return {App.Locals['user'][]}*/
-	const getFilteredUsers = () => {
-		if (!searchTerm.trim()) return users;
+	const getFilteredUsers = (userSet) => {
+		if (!searchTerm.trim()) return userSet;
 
 		const term = searchTerm.trim().toLowerCase();
 
-		return users.filter((/** @type{App.Locals['user']}*/ user) => {
+		return userSet.filter((/** @type{App.Locals['user']}*/ user) => {
 			const basicMatch = [
 				user.first_name?.toLowerCase(),
 				user.last_name?.toLowerCase(),
@@ -124,12 +138,22 @@
 			<ul class="nav-list">
 				<li>
 					<button
-						class="nav-link {activeSection === 'users' ? 'active' : ''}"
-						on:click={() => setActiveSection('users')}
+						class="nav-link {activeSection === 'members' ? 'active' : ''}"
+						on:click={() => setActiveSection('members')}
 					>
 						<i class="fas fa-users"></i>
 						{$t('users')}
-						<span class="nav-badge">{users.length}</span>
+						<span class="nav-badge">{members.length}</span>
+					</button>
+				</li>
+				<li>
+					<button
+						class="nav-link {activeSection === 'supporter' ? 'active' : ''}"
+						on:click={() => setActiveSection('supporter')}
+					>
+						<i class="fas fa-hand-holding-dollar"></i>
+						{$t('supporter')}
+						<span class="nav-badge">{supporters.length}</span>
 					</button>
 				</li>
 				<li>
@@ -168,7 +192,7 @@
 				{/each}
 			{/if}
 
-			{#if activeSection === 'users'}
+			{#if activeSection === 'members'}
 				<div class="section-header">
 					<h2>{$t('users')}</h2>
 					<div class="title-container">
@@ -183,7 +207,7 @@
 						<button
 							class="btn primary"
 							aria-label="Mail Users"
-							on:click={() => handleMailButtonClick()}
+							on:click={() => handleMailButtonClick(filteredMembers)}
 						>
 							<i class="fas fa-envelope"></i>
 						</button>
@@ -196,7 +220,108 @@
 					</div>
 				</div>
 				<div class="accordion">
-					{#each filteredUsers as user}
+					{#each filteredMembers as user}
+						<details class="accordion-item">
+							<summary class="accordion-header">
+								{user.first_name}
+								{user.last_name}
+							</summary>
+							<div class="accordion-content">
+								<table class="table">
+									<tbody>
+										<tr>
+											<th>{$t('user.id')}</th>
+											<td>{user.id}</td>
+										</tr>
+										<tr>
+											<th>{$t('name')}</th>
+											<td>{user.first_name} {user.last_name}</td>
+										</tr>
+										<tr>
+											<th>{$t('user.email')}</th>
+											<td>{user.email}</td>
+										</tr>
+										<tr>
+											<th>{$t('subscription.subscription')}</th>
+											<td>{user.membership?.subscription_model?.name}</td>
+										</tr>
+										<tr>
+											<th>{$t('status')}</th>
+											<td>{$t('userStatus.' + user.status)}</td>
+										</tr>
+									</tbody>
+								</table>
+								<div class="button-group">
+									<button class="btn primary" on:click={() => openEditUserModal(user)}>
+										<i class="fas fa-edit"></i>
+										{$t('edit')}
+									</button>
+									<form
+										method="POST"
+										action="?/userDelete"
+										use:enhance={() => {
+											return async ({ result }) => {
+												if (result.type === 'success' || result.type === 'redirect') {
+													await applyAction(result);
+												}
+											};
+										}}
+										on:submit|preventDefault={(/** @type {SubmitEvent} */ e) => {
+											if (
+												!confirm(
+													$t('dialog.user_deletion', {
+														values: {
+															firstname: user.first_name || '',
+															lastname: user.last_name || ''
+														}
+													})
+												)
+											) {
+												e.preventDefault(); // Cancel form submission if user declines
+											}
+										}}
+									>
+										<input type="hidden" name="user[id]" value={user.id} />
+										<input type="hidden" name="user[last_name]" value={user.last_name} />
+										<button class="btn danger" type="submit">
+											<i class="fas fa-trash"></i>
+											{$t('delete')}
+										</button>
+									</form>
+								</div>
+							</div>
+						</details>
+					{/each}
+				</div>
+			{:else if activeSection === 'supporter'}
+				<div class="section-header">
+					<h2>{$t('supporter')}</h2>
+					<div class="title-container">
+						<InputField
+							name="search"
+							bind:value={searchTerm}
+							placeholder={$t('placeholder.search')}
+							backgroundColor="--base"
+						/>
+					</div>
+					<div>
+						<button
+							class="btn primary"
+							aria-label="Mail Supporter"
+							on:click={() => handleMailButtonClick(filteredSupporters)}
+						>
+							<i class="fas fa-envelope"></i>
+						</button>
+					</div>
+					<div>
+						<button class="btn primary" on:click={() => openEditUserModal(null)}>
+							<i class="fas fa-plus"></i>
+							{$t('add_new')}
+						</button>
+					</div>
+				</div>
+				<div class="accordion">
+					{#each filteredSupporters as user}
 						<details class="accordion-item">
 							<summary class="accordion-header">
 								{user.first_name}
@@ -272,7 +397,7 @@
 			{:else if activeSection === 'subscriptions'}
 				<div class="section-header">
 					<h2>{$t('subscription.subscriptions')}</h2>
-					{#if user.role_id == 8}
+					{#if hasPrivilige(user, PERMISSIONS.Super)}
 						<button class="btn primary" on:click={() => openEditSubscriptionModal(null)}>
 							<i class="fas fa-plus"></i>
 							{$t('add_new')}
@@ -285,7 +410,7 @@
 							<summary class="accordion-header">
 								{subscription.name}
 								<span class="nav-badge"
-									>{users.filter(
+									>{members.filter(
 										(/** @type{App.Locals['user']}*/ user) =>
 											user.membership?.subscription_model?.name === subscription.name
 									).length}</span
@@ -328,7 +453,7 @@
 										</tr>
 									</tbody>
 								</table>
-								{#if user.role_id == 8}
+								{#if hasPrivilige(user, PERMISSIONS.Super)}
 									<div class="button-group">
 										<button
 											class="btn primary"
@@ -337,7 +462,7 @@
 											<i class="fas fa-edit"></i>
 											{$t('edit')}
 										</button>
-										{#if !users.some(/** @param{App.Locals['user']} user */ (user) => user.membership?.subscription_model?.id === subscription.id)}
+										{#if !members.some(/** @param{App.Locals['user']} user */ (user) => user.membership?.subscription_model?.id === subscription.id)}
 											<form
 												method="POST"
 												action="?/subscriptionDelete"
@@ -415,7 +540,7 @@
 	<Modal on:close={close}>
 		<UserEditForm
 			{form}
-			role_id={user.role_id}
+			editor={user}
 			user={selectedUser}
 			{subscriptions}
 			{licence_categories}
diff --git a/go-backend/internal/constants/constants.go b/go-backend/internal/constants/constants.go
index 6a707a0..a5c0158 100644
--- a/go-backend/internal/constants/constants.go
+++ b/go-backend/internal/constants/constants.go
@@ -66,22 +66,24 @@ var Priviliges = struct {
 	Update int8
 	Delete int8
 }{
-	View:   1,
+	View:   2,
 	Update: 4,
 	Create: 4,
 	Delete: 4,
 }
 
 var Roles = struct {
-	Member int8
-	Viewer int8
-	Editor int8
-	Admin  int8
+	Supporter int8
+	Member    int8
+	Viewer    int8
+	Editor    int8
+	Admin     int8
 }{
-	Member: 0,
-	Viewer: 1,
-	Editor: 4,
-	Admin:  8,
+	Supporter: 0,
+	Member:    1,
+	Viewer:    2,
+	Editor:    4,
+	Admin:     8,
 }
 
 var MemberUpdateFields = map[string]bool{