test: Vorgang-Detail Seite: Share (mail-to) Link enthält URL zum Vorgang

Reviewed-on: #41

Dockerfile.dev

@@ -8,11 +8,10 @@ RUN npm i --unsafe-perm
 COPY . ./
 COPY config_dev.json ./config.json
 RUN npm run build
-RUN npm run init-db
 
 # --- Production stage ---
 FROM node:24-alpine
 COPY --from=build /app .
 ENV HOST=0.0.0.0
 EXPOSE 3000
-CMD ["sh", "-c", "ORIGIN=https://tatort-dev.innovation-hub-niedersachsen.de node build/index.js"]
+CMD ["sh", "-c", "npm run init-db && ORIGIN=https://tatort-dev.innovation-hub-niedersachsen.de node build/index.js"]

src/hooks.server.ts

@@ -14,5 +14,15 @@ export const handle: Handle = async ({ event, resolve }) => {
 		event.cookies.delete('session', {path: ROUTE_NAMES.ROOT});
 		event.locals.user = null;
 	}
+
+	if (event.url.pathname.startsWith('/api')) {
+		if (!event.locals.user) {
+			return new Response(JSON.stringify({ error: 'Unauthorized' }), {
+				status: 401,
+				headers: { 'Content-Type': 'application/json' }
+			});
+		}
+	}
+
 	return await resolve(event);
 }

src/init/init_db.ts

@@ -1,8 +1,9 @@
 import Database from 'better-sqlite3';
 import fs from 'fs';
 import path from 'path';
+import { DB_FULLPATH } from '../routes';
 
-const fullPath = './src/lib/data/tatort.db';
+const fullPath = DB_FULLPATH;
 const dir = path.dirname(fullPath);
 
 if (!fs.existsSync(dir)) {

src/lib/components/ExpandableForm.svelte

@@ -0,0 +1,54 @@
+<script lang="ts">
+  import { fly, scale, fade } from 'svelte/transition';
+  import { cubicOut } from 'svelte/easing';
+  import { tick } from 'svelte';
+
+  let expanded = false;
+  let formContainer: HTMLDivElement;
+
+  async function toggle() {
+    expanded = !expanded;
+
+    if (expanded) {
+      // Wait for DOM to update
+      await tick();
+
+      // Scroll smoothly into view
+      formContainer?.scrollIntoView({ behavior: 'smooth', block: 'start' });
+    }
+  }
+</script>
+
+<div data-testid="expand-container" class="flex flex-col items-center">
+  <!-- + / × button -->
+  <button
+    data-testid="expand-button"
+    class="flex items-center justify-center w-12 h-12 rounded-full bg-blue-600 text-white text-2xl font-bold hover:bg-blue-700 transition"
+    on:click={toggle}
+    aria-expanded={expanded}
+    aria-label="Add item"
+  >
+    {#if expanded}
+      ✕
+    {:else}
+      +
+    {/if}
+  </button>
+
+  <!-- Expandable content below button -->
+  {#if expanded}
+    <div
+      bind:this={formContainer}
+      class="w-full mt-4 flex justify-center"
+      transition:fade
+    >
+      <div
+        in:fly={{ y: 10, duration: 200, easing: cubicOut }}
+        out:scale={{ duration: 150 }}
+        class="w-full max-w-2xl"
+      >
+        <slot />
+      </div>
+    </div>
+  {/if}
+</div>

src/lib/components/Header.svelte

@@ -21,7 +21,7 @@
 			<h1 class="text-3xl text-slate-400 font-bold">Tatort</h1>
 			<div class="lg:flex lg:justify-end w-48">
 				{#if data.user}
-					<form method="POST" action="{ROUTE_NAMES.ANMELDUNG_LOGOUT}">
+					<form method="POST" action="{ROUTE_NAMES.LOGOUT}">
 						<input type="hidden" />
 						<button type="submit" class="text-sm font-semibold leading-6 text-gray-900"
 							><span

src/lib/components/NameItemEditor.svelte

@@ -13,8 +13,9 @@
 	// props, old syntax
 	export let list: ListItem[] = [];
 	export let currentName: string;
-	export let onSave: (n: string, o: string) => unknown = () => {};
-	export let onDelete: (n: string) => unknown = () => {};
+	export let vorgangToken: string | null;
+	export let onSave: (n: string, o: string, t?: string) => unknown = () => {};
+	export let onDelete: ((n: string) => unknown) | null = () => {};
 
 	let localName = currentName;
 	let isEditing = false;
@@ -43,7 +44,9 @@
 	}
 
 	function commitEdit() {
-		if (!error && localName != currentName) onSave(localName, currentName);
+		if (!error && localName != currentName) onSave(localName, currentName, vorgangToken);
+		// restore original value
+		if (error) { localName = currentName }
 		
 		isEditing = false;
 	}
@@ -54,30 +57,60 @@
 	}
 
 	function handleDeleteClick() {
-		onDelete(currentName);
+		// vorgangToken defined when deleting Vorgang, otherwise Crime
+		onDelete(vorgangToken || currentName);
 	}
 </script>
 
-<div data-testid="test-nameItemEditor">
+<div data-testid="test-nameItemEditor" class="flex flex-col gap-1">
   {#if isEditing}
+    <div class="flex items-center gap-1">
       <input
         data-testid="test-input"
         bind:this={inputRef}
         bind:value={localName}
         onkeydown={handleKeydown}
+        class="flex-1 border border-gray-300 rounded px-1.5 py-0.5 text-sm focus:outline-none focus:ring-1 focus:ring-blue-500"
       />
       <button
         data-testid="commit-button"
         disabled={!!error || localName === currentName}
-			onclick={commitEdit}><Check /></button
+        onclick={commitEdit}
+        class="text-gray-500 hover:text-green-600 transition disabled:opacity-40"
       >
-		<button data-testid="cancel-button" onclick={cancelEdit}><X /></button>
+        <Check class="w-4 h-4" />
+      </button>
+      <button
+        data-testid="cancel-button"
+        onclick={cancelEdit}
+        class="text-gray-500 hover:text-red-600 transition"
+      >
+        <X class="w-4 h-4" />
+      </button>
+    </div>
   {:else}
-		<span>{localName}</span>
-		<button data-testid="edit-button" onclick={startEdit}><Edit /></button>
-		<button data-testid="delete-button" onclick={handleDeleteClick}><Trash /></button>
-	{/if}
-	{#if error}
-		<p class="text-red-500">{error}</p>
+    <div class="flex items-center gap-1">
+      <span class="text-sm font-medium text-gray-900 truncate">{localName}</span>
+      <button
+        data-testid="edit-button"
+        onclick={startEdit}
+        class="text-gray-500 hover:text-blue-600 transition"
+      >
+        <Edit class="w-4 h-4" />
+      </button>
+      {#if onDelete}
+		<button
+			data-testid="delete-button"
+			onclick={handleDeleteClick}
+			class="text-gray-500 hover:text-red-600 transition"
+		>
+			<Trash class="w-4 h-4" />
+		</button>
+      {/if}
+    </div>
+  {/if}
+
+  {#if error}
+    <p class="text-xs text-red-500 mt-1">{error}</p>
   {/if}
 </div>

src/lib/server/authService.ts

@@ -12,7 +12,8 @@ export const loginUser = async ({ request, cookies }: { request: Request; cookie
 
 	const token = authenticate(user, password);
 
-	if (!token) return fail(400, { user, incorrect: true });
+	if (!token) return fail(400, { user, incorrect: true,
+								message: "Ungültige Zugangsdaten" });
 
 	cookies.set(COOKIE_NAME, token, {
 		path: ROUTE_NAMES.ROOT,
@@ -26,5 +27,5 @@ export const loginUser = async ({ request, cookies }: { request: Request; cookie
 export const logoutUser = async (event: RequestEvent) => {
 	event.cookies.delete(COOKIE_NAME, { path: ROUTE_NAMES.ROOT });
 	event.locals.user = null;
-	return { success: true };
+	return redirect(303, ROUTE_NAMES.ROOT);
 };

src/lib/server/dbService.ts

@@ -1,12 +1,7 @@
 import Database from 'better-sqlite3';
-import fs from 'fs';
-import path from 'path';
+import { DB_FULLPATH } from '../../routes';
 
-const fullPath = './src/lib/data/tatort.db';
-const dir = path.dirname(fullPath);
+// make sure the DB is initiated
+import '../../init/init_db'
 
-if (!fs.existsSync(dir)) {
-	fs.mkdirSync(dir);
-}
-
-export const db = new Database(fullPath);
+export const db = new Database(DB_FULLPATH);

src/lib/server/vorgangService.ts

@@ -1,6 +1,7 @@
 import { fail } from '@sveltejs/kit';
 import { BUCKET, client, CONFIGFILENAME, TOKENFILENAME } from '$lib/minio';
 import { checkIfExactDirectoryExists, getContentOfTextObject } from './s3ClientService';
+import { v4 as uuidv4 } from 'uuid';
 
 import { db } from './dbService';
 
@@ -45,6 +46,31 @@ export const getVorgangByToken = (
 	return result;
 };
 
+/**
+ * Create Vorgang, using a vorgangName and vorgangPIN
+ * @param vorgangName
+ * @param vorgangPIN
+ * @returns {string || false} vorgangToken if successful
+ */
+export const createVorgang = (vorgangName: string, vorgangPIN: string): string | boolean => {
+	const vorgangExists = vorgangNameExists(vorgangName);
+	if (vorgangExists) {
+		return false;
+	}
+
+	const vorgangToken = uuidv4();
+
+	const insertSQLStatement = `INSERT INTO cases (token, name, pin) VALUES (?, ?, ?)`;
+	const statement = db.prepare(insertSQLStatement);
+	const info = statement.run(vorgangToken, vorgangName, vorgangPIN);
+
+	if (info.changes) {
+		return vorgangToken;
+	} else {
+		return false;
+	}
+};
+
 /**
  * Get Vorgang
  * @param vorgangName
@@ -208,3 +234,27 @@ export const vorgangPINValidation = function (vorgangToken: string, vorgangPIN:
 
 	return true;
 };
+
+/**
+ * Change VorgangName or VorgangPIN
+ * @param vorgangToken
+ * @param newValue
+ * @returns {int} number of affected lines
+ */
+export const updateVorgangAttrByToken = function (vorgangToken: string,
+											newValue: string,
+											column: string) {
+	const renameSQLStmt = `UPDATE cases set ${column} = ? WHERE token = ?`;
+	const statement = db.prepare(renameSQLStmt);
+
+	let info;
+	
+	try {
+		info = statement.run(newValue, vorgangToken);
+	} catch (err) {
+		console.log(`error: ${err}`)
+		return 0;
+	}
+
+	return info.changes;
+};

src/routes/(angemeldet)/+layout.server.ts

@@ -1,12 +1,10 @@
-import { redirect, type ServerLoadEvent } from '@sveltejs/kit';
+import { type ServerLoadEvent } from '@sveltejs/kit';
 import type { PageServerLoad } from '../anmeldung/$types';
 
-import { ROUTE_NAMES } from '..';
-
 export const load: PageServerLoad = (event: ServerLoadEvent) => {
-	if (!event.locals.user && event.url.pathname !== ROUTE_NAMES.ANMELDUNG)
-		throw redirect(303, ROUTE_NAMES.ANMELDUNG);
+	if (event.locals.user) {
 		return {
 			user: event.locals.user
 		};
+	}
 };

src/routes/(angemeldet)/+layout.svelte

@@ -5,6 +5,8 @@
 	export let data;
 </script>
 
+{#if data.user?.admin}
+
 <div class="h-screen v-screen flex flex-col">
 	<div class="flex flex-col h-full">
 		<Header {data}/>
@@ -16,3 +18,10 @@
 
 	</div>
 </div>
+
+{:else}
+
+<div class="h-screen bg-white"><slot /></div>
+
+
+{/if}

src/routes/(angemeldet)/+page.server.ts

@@ -0,0 +1,6 @@
+import { loginUser, logoutUser } from '$lib/server/authService';
+
+export const actions = {
+	login: ({ request, cookies }) => loginUser({ request, cookies }),
+	logout: (event) => logoutUser(event),
+} as const;

src/routes/(angemeldet)/+page.svelte

@@ -2,18 +2,21 @@
 	import AddProcess from '$lib/icons/Add-Process.svelte';
 	import FileRect from '$lib/icons/File-rect.svelte';
 	import ListIcon from '$lib/icons/List-icon.svelte';
+	import Button from '$lib/components/Button.svelte';
+	import ArrowRight from '$lib/icons/Arrow-right.svelte';
 
 	import { ROUTE_NAMES } from '../index.js';
 
 	export let data;
+	export let form;
 	export let outline = true;
 </script>
 
+{#if data.user?.admin}
 <div
 	class=" inset-x-0 top-0 -z-10 h-full flex items-center justify-center bg-white shadow-lg ring-1 ring-gray-900/5"
 >
 	<div class="mx-auto flex justify-center max-w-7xl py-10 px-8 w-full">
-		{#if data.user.admin}
 			<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
 				<div
 					class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
@@ -28,21 +31,6 @@
 					Verschaffe Dir einen Überblick über alle gespeicherten Tatorte.
 				</p>
 			</div>
-		{/if}
-		{#if data.user.admin}
-			<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
-				<div
-					class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
-				>
-					<AddProcess class=" group-hover:text-indigo-600" />
-				</div>
-				<a href="{ROUTE_NAMES.UPLOAD}" class="mt-6 block font-semibold text-gray-900">
-					Hinzufügen
-					<span class="absolute inset-0"></span>
-				</a>
-				<p class="mt-1 text-gray-600">Fügen Sie einem Tatort Bilder hinzu.</p>
-			</div>
-		{/if}
 		<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
 			<div
 				class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
@@ -58,5 +46,64 @@
 	</div>
 </div>
 
+{:else}
+
+<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
+	<div class="sm:mx-auto sm:w-full sm:max-w-sm">
+		<img class="mx-auto h-10 w-auto" src="/Landeswappen_NI.svg" alt="Landeswappen Niedersachsen" />
+
+		<h2 class="mt-10 text-center text-2xl font-bold leading-9 tracking-tight text-gray-900">
+			Willkommen beim 3D Tatort
+		</h2>
+	</div>
+	<div class="w-full max-w-sm mx-auto">
+		<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
+			<div class="mt-10">
+
+<form action="{ROUTE_NAMES.LOGIN}" method="POST">
+						<div>
+							<label for="user" class="text-sm font-medium leading-6 text-gray-900">Name</label>
+							<div class="mt-2">
+								<input
+									id="user"
+									name="user"
+									type="text"
+									autocomplete="email"
+									required
+									class="rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
+								/>
+							</div>
+						</div>
+
+						<div>
+							<label for="password" class="block text-sm font-medium leading-6 text-gray-900"
+								>Passwort</label
+							>
+							<div class="mt-2">
+								<input
+									id="password"
+									name="password"
+									type="password"
+									autocomplete="current-password"
+									required
+									class="block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
+								/>
+							</div>
+						</div>
+						{#if form?.incorrect}
+							<p class="block text-sm leading-6 text-red-900 mt-2">{form.message}</p>
+						{/if}
+						<div class="flex justify-end">
+							<Button type="submit" class="mt-5">Anmelden</Button>
+						</div>
+					</form>
+			</div>
+		</div>
+	</div>
+</div>
+
+{/if}
+
 <style>
 </style>
+

src/routes/(angemeldet)/list/+page.server.ts

@@ -1,10 +1,35 @@
-import { getVorgaenge } from '$lib/server/vorgangService';
+import { createVorgang, getVorgaenge } from '$lib/server/vorgangService';
 import type { PageServerLoad } from '../../(token-based)/view/$types';
+import { error, fail } from '@sveltejs/kit';
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not Found')
+	}
 
-export const load: PageServerLoad = async () => {
 	const vorgangList = getVorgaenge();
 
 	return {
 		vorgangList
 	};
 };
+
+
+export const actions = {
+	default: async ({ request }: { request: Request }) => {
+		const data = await request.formData();
+		const vorgangName: string | null = data.get('vorgang') as string;
+		const vorgangPIN: string | null = data.get('pin') as string;
+
+		const err = {};
+
+		const token = createVorgang(vorgangName, vorgangPIN);
+		if (!token) {
+			err.message = "Der Vorgang konnte nicht angelegt werden"
+			return fail(400, err)
+		} else {
+			// success
+			return { token }
+		}
+	}
+};

src/routes/(angemeldet)/list/+page.svelte

@@ -1,24 +1,94 @@
 <script lang="ts">
+	import ExpandableForm from '$lib/components/ExpandableForm.svelte';
 	import Trash from '$lib/icons/Trash.svelte';
 	import Folder from '$lib/icons/Folder.svelte';
 	import EmptyList from '$lib/components/EmptyList.svelte';
+	import NameItemEditor from '$lib/components/NameItemEditor.svelte';
+	import Alert from '$lib/components/Alert.svelte';
+	import Button from '$lib/components/Button.svelte';
+	import Modal from '$lib/components/Modal/Modal.svelte';
+	import ModalTitle from '$lib/components/Modal/ModalTitle.svelte';
+	import ModalContent from '$lib/components/Modal/ModalContent.svelte';
+	import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
 	import { API_ROUTES, ROUTE_NAMES } from '../../index.js';
+	import { invalidateAll } from '$app/navigation';
 
-	let { data } = $props();
+	let { data, form } = $props();
 
-	let vorgangList = data.vorgangList;
+	let vorgangList = $state(data.vorgangList);
+    
+    // same as `vorgangList` but with one different property to be used
+    // with ´NameItemEditor`
+    const derivedList = $derived.by(
+		() => {
+			return vorgangList.map(
+				({ vorgangName, ...rest }) => (
+					{
+						name: vorgangName,
+						...rest
+					}
+				)
+			)
+		}
+    );
 	
 	let isEmptyList = vorgangList.length === 0;
 
-	async function delete_item(ev: Event) {
+	let vorgangName = $state('');
+	let vorgangPIN = $state('');
+	let errorMsg = $state('');
+
+	// reset input fields when submission successful
+	$effect(() => {
+		if (form?.token) {
+			vorgangName = '';
+			vorgangPIN = '';
+			errorMsg = '';
+		}
+	});
+
+	async function submitVorgang(ev: Event) {
+		const isValid = inputValid(vorgangName, vorgangPIN);
+		if (!isValid) {
+			ev.preventDefault();
+			return;
+		}
+
+		// continue form action on server
+	}
+
+	/**
+	 * Check for required fields
+	 * @param vorgangName
+	 * @param vorgangPIN
+	 * @returns {boolean} Indicates whether input is valid
+	 */
+	function inputValid(vorgangName, vorgangPIN) {
+		if (!(vorgangName || vorgangPIN)) {
+			errorMsg = 'Bitte beide Felder ausfüllen.';
+			return false;
+		} else if (!vorgangName) {
+			errorMsg = 'Bitte einen Vorgangsnamen vergeben.';
+			return false;
+		} else if (!vorgangPIN) {
+			errorMsg = 'Bitte einen Vorgangs-PIN eingeben.';
+			return false;
+		}
+
+		const existing = vorgangList.some((vorg) => vorg.vorgangName === vorgangName);
+		if (existing) {
+			errorMsg = 'Der Name existiert bereits.';
+			return false;
+		}
+
+		return true;
+	}
+
+	async function deleteVorgang(vorgangToken: string) {
 		let delete_item = window.confirm('Bist du sicher?');
 
 		if (delete_item) {
-			const target = ev.currentTarget as HTMLElement | null;
-			if (!target) return;
-			let filename = target.id.split('del__')[1];
-
-			let url = API_ROUTES.VORGANG(filename);
+			let url = API_ROUTES.VORGANG(vorgangToken);
 			
 			try {
 				const response = await fetch(url, { method: 'DELETE' });
@@ -36,6 +106,46 @@
 			}
 		}
 	}
+	
+	//Variablen für Modal
+	let open = $state(false);
+	let inProgress = $state(false);
+	let isError = $state(false);
+
+	async function handleSave(newName: string, oldName: string, vorgangToken: string) {
+		open = true;
+		inProgress = true;
+		isError = false;
+		try {
+			const res = await fetch(API_ROUTES.VORGANG(vorgangToken), {
+				method: 'PUT',
+				headers: {
+					'Content-Type': 'application/json'
+				},
+				body: JSON.stringify({ vorgangToken, oldName, newName })
+			});
+
+			if (!res.ok) {
+				throw new Error('Fehler beim Speichern');
+			}
+			await invalidateAll();
+			vorgangList = data.vorgangList;
+			open = false;
+		} catch (err) {
+			console.error('⚠️ Netzwerkfehler beim Speichern', err);
+			isError = true;
+		} finally {
+			inProgress = false;
+		}
+	}
+	
+	
+	
+	 async function closeModal() {
+		open = false;
+		isError = false;
+	}
+	
 </script>
 
 <div class="-z-10 bg-white">
@@ -49,30 +159,21 @@
 			{:else}
 				{#each vorgangList as vorgangItem}
 					<li data-testid="test-list-item">
+						<div class="flex items-center justify-center gap-3">
 						<a
 						href="{ROUTE_NAMES.VORGANG(vorgangItem.vorgangToken)}"
-							class="flex justify-between gap-x-6 py-5"
+						class="flex flex-col items-center justify-center gap-2 py-4 rounded-lg hover:bg-gray-50 transition text-center"
 						>
-							<div class="flex gap-x-4">
-								<Folder />
-								<div class="min-w-0 flex-auto">
-									<span class="text-sm font-semibold leading-6 text-gray-900"
-										>{vorgangItem.vorgangName}</span
-									>
-									<button
-										style="padding: 2px"
-										id="del__{vorgangItem.vorgangToken}"
-										on:click|preventDefault={delete_item}
-										aria-label="Vorgang {vorgangItem.name} löschen"
-									>
-										<Trash />
-									</button>
-								</div>
-							</div>
-							<div class="hidden sm:flex sm:flex-col sm:items-end">
-								<p class="text-sm leading-6 text-gray-900">Vorgang</p>
-							</div>
+							<Folder class="w-6 h-6 text-gray-600" />
 						</a>
+							<NameItemEditor
+							list={derivedList}
+							currentName={vorgangItem.vorgangName}
+							vorgangToken={vorgangItem.vorgangToken}
+							onSave={handleSave}
+							onDelete={deleteVorgang}
+							/>
+						</div>
 					</li>
 				{/each}
 			{/if}
@@ -80,8 +181,84 @@
 	</div>
 </div>
 
+
+<ExpandableForm>
+<form class="flex flex-col items-center" method="POST">
+	<div class="flex flex-col sm:flex-row sm:space-x-4 w-full max-w-lg">
+		<div class="flex-1">
+			<label for="vorgang" class="block text-sm font-medium leading-6 text-gray-900">
+				<span class="flex"> Vorgangsname </span>
+			</label>
+			<div class="mt-2">
+				<div
+					class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
+				>
+					<input
+						required
+						bind:value={vorgangName}
+						type="text"
+						name="vorgang"
+						id="vorgang"
+						class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
+					/>
+				</div>
+			</div>
+		</div>
+
+		<div class="flex-1 mt-4 sm:mt-0">
+			<label for="pin" class="block text-sm font-medium leading-6 text-gray-900">
+				<span class="flex"> PIN </span>
+			</label>
+			<div class="mt-2">
+				<div
+					class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
+				>
+					<input
+						required
+						type="password"
+						bind:value={vorgangPIN}
+						name="pin"
+						id="pin"
+						class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
+					/>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	{#if errorMsg}
+		<p>{errorMsg}</p>
+	{/if}
+	{#if form?.message}
+		<p>{form.message}</p>
+	{/if}
+	<button
+		type="submit"
+		on:click={submitVorgang}
+		class="mt-4 bg-indigo-600 text-white px-6 py-2 rounded hover:bg-indigo-700 transition"
+	>
+		Neuen Vorgang hinzufügen
+	</button>
+</form>
+
+</ExpandableForm>
+
+<Modal {open}
+			><ModalTitle>Umbenennen</ModalTitle><ModalContent>
+				{#if inProgress}
+					<p class="py-2 mb-1">Vorgang läuft...</p>
+				{:else if isError}
+					<Alert class="w-full" type="error">Fehler beim Umbenennen</Alert>
+				{:else}
+					<Alert class="w-full">Umbenennen erfolgreich</Alert>
+				{/if}
+			</ModalContent>
+			<ModalFooter><Button disabled={inProgress} on:click={closeModal}>Ok</Button></ModalFooter>
+</Modal>
+
 <style>
 	ul {
 		min-width: 24rem;
 	}
 </style>
+

src/routes/(angemeldet)/upload/+page.server.ts

@@ -1,10 +1,8 @@
 import { Readable } from 'stream';
 import { BUCKET, client } from '$lib/minio';
-import { fail } from '@sveltejs/kit';
-import { v4 as uuidv4 } from 'uuid';
+import { fail, error } from '@sveltejs/kit';
 
-import { db } from '$lib/server/dbService';
-import { getVorgangByName, vorgangNameExists } from '$lib/server/vorgangService';
+import { getVorgangByName } from '$lib/server/vorgangService';
 
 const isRequiredFieldValid = (value: unknown) => {
 	if (value == null) return false;
@@ -20,26 +18,11 @@ export const actions = {
 		const vorgangName: string | null = data.get('vorgang') as string;
 		const crimeName: string | null = data.get('name') as string;
 		const type: string | null = data.get('type') as string;
-		const vorgangPIN: string | null = data.get('vorgangPIN') as string;
 		const fileName: string | null = data.get('fileName') as string;
 
-		const vorgangExists = vorgangNameExists(vorgangName);
 		let vorgangToken;
-
-		if (!vorgangExists) {
-			vorgangToken = uuidv4();
-			const insertSQLStatement = `INSERT INTO cases (token, name, pin) VALUES (?, ?, ?)`;
-			const statement = db.prepare(insertSQLStatement);
-			statement.run(vorgangToken, vorgangName, vorgangPIN);
-		} else {
 		const vorgang = getVorgangByName(vorgangName);
 		vorgangToken = vorgang.token;
-			if (vorgang && vorgang.pin != vorgangPIN) {
-				const updateSQLStmt = `UPDATE cases SET pin = ? WHERE token = ?`;
-				const statement = db.prepare(updateSQLStmt);
-				statement.run(vorgangPIN, vorgangToken);
-			}
-		}
 
 		let objectName = `${vorgangToken}/${crimeName}`;
 		switch (type) {
@@ -60,7 +43,6 @@ export const actions = {
 		const data = Object.fromEntries(requestData);
 		const vorgang = data.vorgang;
 		const name = data.name;
-		const vorgangPIN = data.vorgangPIN;
 		let success = true;
 		const err = {};
 		if (isRequiredFieldValid(vorgang)) {
@@ -77,13 +59,6 @@ export const actions = {
 			success = false;
 		}
 
-		if (isRequiredFieldValid(vorgangPIN)) {
-			err.vorgangPIN = null;
-		} else {
-			err.vorgangPIN = 'Das Feld Zugangspasswort darf nicht leer bleiben.';
-			success = false;
-		}
-
 		if (success) return { success };
 
 		return fail(400, err);
@@ -123,3 +98,10 @@ export const actions = {
 		return { etag, error };
 	}
 };
+
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not found')
+	}
+};

src/routes/(angemeldet)/user-management/+page.server.ts

@@ -0,0 +1,8 @@
+import type { PageServerLoad } from '../../(token-based)/view/$types';
+import { error } from '@sveltejs/kit';
+
+export const load: PageServerLoad = async (event) => {
+	if (!event.locals.user) {
+		error(404, 'Not Found')
+	}
+};

src/routes/(token-based)/+layout.server.ts

@@ -10,9 +10,9 @@ export const load: LayoutServerLoad = async ({ params, cookies, locals }) => {
 		};
 	}
 
-	const vorgangToken = params.vorgang || '';
+	const vorgangToken = params.vorgang ?? '';
 	const COOKIE_NAME = `token-${vorgangToken}`;
-	const vorgangPIN = cookies.get(COOKIE_NAME) || '';
+	const vorgangPIN = cookies.get(COOKIE_NAME) ?? '';
 
 	const isVorgangValid = vorgangExists(vorgangToken);
 	const isVorgangPINValid = vorgangPINValidation(vorgangToken, vorgangPIN);

src/routes/(token-based)/list/[vorgang]/+page.server.ts

@@ -0,0 +1,23 @@
+import { getCrimesListByToken, getVorgaenge } from '$lib/server/vorgangService.js';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ params, url }) => {
+	const vorgangList = getVorgaenge();
+	const vorgangToken = params.vorgang;
+	const crimesList = await getCrimesListByToken(vorgangToken);
+	const vorgang = vorgangList.find((v) => v.vorgangToken === vorgangToken); //vorgang sollte ein eigener Typ werden, und dann kann man es hier vernünftig typisieren
+	if (!vorgang || !crimesList) {
+		throw new Error(`Fehlgeschlagen, es wurden keine Daten zum token gefunden`);
+	}
+
+	//Variabeln für NameItemEditor
+	const crimeNames: string[] = crimesList.map((l) => l.name);
+
+	return {
+		vorgang,
+		vorgangList,
+		crimesList,
+		url,
+		crimeNames
+	};
+}

src/routes/(token-based)/list/[vorgang]/+page.svelte

@@ -1,7 +1,8 @@
 <script lang="ts">
 	import shortenFileSize from '$lib/helper/shortenFileSize';
 	import timeElapsed from '$lib/helper/timeElapsed';
-
+	import { deserialize } from '$app/forms';
+	import ExpandableForm from '$lib/components/ExpandableForm.svelte';
 	import Alert from '$lib/components/Alert.svelte';
 	import Button from '$lib/components/Button.svelte';
 	import Modal from '$lib/components/Modal/Modal.svelte';
@@ -12,10 +13,12 @@
 	import { invalidateAll } from '$app/navigation';
 	import NameItemEditor from '$lib/components/NameItemEditor.svelte';
 	import EmptyList from '$lib/components/EmptyList.svelte';
+	import FileRect from '$lib/icons/File-rect.svelte';
+	import Exclamation from '$lib/icons/Exclamation.svelte';
 	import { API_ROUTES, ROUTE_NAMES } from '../../../index.js';
 
 	//Seite für die Tatort-Liste
-	let { data } = $props();
+	let { data, form } = $props();
 
 	interface ListItem {
 		//sollte Typ Vorgang sein, aber der einfachheit ist es noch ListItem, damit die Komponente NameItemEditor für Vorgang und Tatort eingesetzt werden kann
@@ -33,6 +36,126 @@
 	let vorgangToken: string = data.vorgang.vorgangToken;
 	let isEmptyList = $derived(crimesList.length === 0);
 
+	// File Upload Variablen
+	let name = $state('');
+	let formErrors: Record<string, any> | null = $state(null);
+	let etag: string | null = $state(null);
+	let files: FileList | null = $state(null);
+
+	// Model Variablen für Upload
+	let openUL = $state(false);
+	let inProgressUL = $state(form === null);
+
+	async function buttonClick(event: MouseEvent) {
+		if (!(await validateForm())) {
+			event.preventDefault();
+			return;
+		}
+		const url = await getUrl();
+		openUL = true;
+		inProgressUL = true;
+
+		fetch(url, { method: 'PUT', body: files[0] })
+			.then((response) => {
+				inProgressUL = false;
+				etag = '123';
+			})
+			.catch((err) => {
+				inProgressUL = false;
+				etag = null;
+				console.log('ERROR', err);
+			});
+	}
+
+	async function validateForm() {
+		let data = new FormData();
+		data.append('vorgang', vorgangName);
+		data.append('name', name);
+		const response = await fetch(ROUTE_NAMES.UPLOAD_VALIDATE, { method: 'POST', body: data });
+		const result = deserialize(await response.text());
+
+		let success = true;
+		if (result.type === 'success') {
+			formErrors = null;
+		} else {
+			if (result.type === 'failure' && result.data) formErrors = result.data;
+			success = false;
+		}
+
+		if (!files?.length) {
+			formErrors = { file: 'Sie haben keine Datei ausgewählt.', ...formErrors };
+			success = false;
+		}
+
+		if (!(await check_valid_glb_file())) {
+			formErrors = { file: 'Keine gültige .GLD-Datei', ...formErrors };
+			success = false;
+		}
+		return success;
+	}
+
+	async function uploadSuccessful() {
+		openUL = false;
+		name = '';
+		files = null;
+		await invalidateAll();
+		crimesList = data.crimesList;
+	}
+
+	// `val` is hex string
+	function swap_endian(val) {
+		// from https://www.geeksforgeeks.org/bit-manipulation-swap-endianness-of-a-number/
+
+		let leftmost_byte = (val & eval(0x000000ff)) >> 0;
+		let left_middle_byte = (val & eval(0x0000ff00)) >> 8;
+		let right_middle_byte = (val & eval(0x00ff0000)) >> 16;
+		let rightmost_byte = (val & eval(0xff000000)) >> 24;
+
+		leftmost_byte <<= 24;
+		left_middle_byte <<= 16;
+		right_middle_byte <<= 8;
+		rightmost_byte <<= 0;
+
+		let res = leftmost_byte | left_middle_byte | right_middle_byte | rightmost_byte;
+
+		return res;
+	}
+
+	async function check_valid_glb_file() {
+		// GLD Header, magic value 0x46546C67, identifies data as binary glTF, 4 bytes
+		// little endian!
+		const GLD_MAGIC = 0x46546c67;
+
+		// big endian!
+		let file = files[0];
+		let file_header = file.slice(0, 4);
+		console.log(file_header);
+		let header_bytes = await file_header.bytes();
+		let file_header_hex = '0x' + header_bytes.toHex().toString();
+
+		if (GLD_MAGIC == swap_endian(file_header_hex)) {
+			return true;
+		} else {
+			return false;
+		}
+		return true;
+	}
+
+	async function getUrl() {
+		let data = new FormData();
+		data.append('vorgang', vorgangName);
+		data.append('name', name);
+		if (files?.length === 1) {
+			data.append('type', files[0].type);
+			data.append('fileName', files[0].name);
+		}
+		const response = await fetch(ROUTE_NAMES.UPLOAD_URL, { method: 'POST', body: data });
+		const result = deserialize(await response.text());
+		if (result.type === 'success') return result.data?.url;
+
+		return null;
+	}
+
 	//Variablen für Modal
 	let open = $state(false);
 	let inProgress = $state(false);
@@ -67,6 +190,34 @@
 		}
 	}
 
+	async function savePIN(newVorgangPIN: string, oldVorgangPIN: string) {
+		open = true;
+		inProgress = true;
+		isError = false;
+		try {
+			const res = await fetch(API_ROUTES.VORGANG(vorgangToken), {
+				method: 'PUT',
+				headers: {
+					'Content-Type': 'application/json'
+				},
+				body: JSON.stringify({ vorgangToken, oldVorgangPIN, newVorgangPIN,
+										changePIN: true})
+			});
+
+			if (!res.ok) {
+				throw new Error('Fehler beim Speichern');
+			}
+			await invalidateAll();
+			crimesList = data.crimesList;
+			open = false;
+		} catch (err) {
+			console.error('⚠️ Netzwerkfehler beim Speichern', err);
+			isError = true;
+		} finally {
+			inProgress = false;
+		}
+	}
+
 	async function handleDelete(tatort: string) {
 		open = true;
 		inProgress = true;
@@ -125,10 +276,18 @@ Mit freundlichen Grüßen,
 {#if data.vorgang && crimesList}
 	<div class="-z-10 bg-white">
 		<div class="flex flex-col items-center justify-center w-full">
-			<h1 class="text-xl">Vorgang {vorgangName}</h1>
+			<h1 class="text-xl">{vorgangName}</h1>
 
 			{#if admin}
-				Zugangs-PIN: {vorgangPIN}
+				<div class="flex items-center gap-2">
+				Zugangs-PIN:
+				<NameItemEditor
+				list={[]}
+				currentName={vorgangPIN}
+				onSave={savePIN}
+				onDelete={null}
+				/>
+				</div>
 				<a class="pt-2 pb-6" href={constructMailToLink()}
 					><Button disabled={isEmptyList}>Share Link</Button></a
 				>
@@ -140,56 +299,149 @@ Mit freundlichen Grüßen,
 					<EmptyList></EmptyList>
 				{:else}
 					{#each crimesList as item (item.name)}
-						<li data-testid="test-list-item">
-							<div class=" flex gap-x-4">
+					<li
+					data-testid="test-list-item"
+					class="flex items-center justify-between gap-6 py-4 px-2 hover:bg-gray-50 rounded-lg transition"
+					>
+					<div class="flex items-center gap-4 flex-1">
 						<a
 						data-testid="crime-link"
 						href="{ROUTE_NAMES.CRIME(vorgangToken, item.name, vorgangPIN)}"
-									class=" flex justify-between gap-x-6 py-5"
+						class="flex items-center justify-center w-8 h-8 text-gray-600 hover:text-blue-600 transition"
 						aria-label="{ROUTE_NAMES.CRIME(vorgangToken, item.name, vorgangPIN)}"
 						title={item.name}
 						>
-									<Cube />
+						<Cube class="w-5 h-5" />
 						</a>
-								<div class="min-w-0 flex-auto">
+
+						<div class="flex flex-col flex-1 min-w-0">
 						{#if admin}
 							<NameItemEditor
 							list={crimesList}
 							currentName={item.name}
 							onSave={handleSave}
 							onDelete={handleDelete}
-										></NameItemEditor>
+							/>
 						{:else}
 							<p
 							data-testid="test-nameItem-p"
-											class="text-sm font-semibold leading-6 text-gray-900 inline-block min-w-1"
+							class="text-sm font-semibold leading-6 text-gray-900 truncate"
 							>
 							{item.name}
 							</p>
 						{/if}
+
+						<!-- size left, last modified right -->
+						<div class="flex items-center justify-between mt-1 text-xs leading-5 text-gray-500">
 							{#if item.size}
-										<p class="mt-1 truncate text-xs leading-5 text-gray-500">
-											{shortenFileSize(item.size)}
-										</p>
+							<span>{shortenFileSize(item.size)}</span>
+							{:else}
+							<span></span>
 							{/if}
-								</div>
-							</div>
-							<div class="hidden sm:flex sm:flex-col sm:items-end">
-								<p class="text-sm leading-6 text-gray-900">3D Tatort</p>
 							{#if item.lastModified}
-									<p class="mt-1 text-xs leading-5 text-gray-500">
-										Zuletzt geändert <time datetime="2023-01-23T13:23Z"
-											>{timeElapsed(new Date(item.lastModified))}</time
-										>
-									</p>
+							<span>
+								Zuletzt geändert
+								<time datetime={item.lastModified}>
+								{timeElapsed(new Date(item.lastModified))}
+								</time>
+							</span>
 							{/if}
 						</div>
+						</div>
+					</div>
 					</li>
 					{/each}
 				{/if}
 			</ul>
 		</div>
 
+		{#if admin}
+		<div class="flex justify-center my-4">
+		<ExpandableForm>
+			<div class="mx-auto max-w-2xl">
+				<div class="flex flex-col items-center space-y-6">
+					<!-- Name Input -->
+					<div class="w-full max-w-md">
+						<label for="name" class="block text-sm font-medium leading-6 text-gray-900">
+							<span class="flex">
+								{#if formErrors?.name}
+									<span class="inline-block mr-1"><Exclamation /></span>
+								{/if} Modellname
+							</span>
+						</label>
+						<div class="mt-2">
+							<div
+								class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
+							>
+								<input
+									bind:value={name}
+									type="text"
+									name="name"
+									id="name"
+									autocomplete={name}
+									class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
+								/>
+							</div>
+						</div>
+						{#if formErrors?.name}
+							<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.name}</p>
+						{/if}
+					</div>
+
+					<!-- File Upload -->
+					<div class="w-full max-w-md">
+						<label for="file" class="block text-sm font-medium leading-6 text-gray-900">
+							<span class="flex">
+								{#if formErrors?.file}
+									<span class="inline-block mr-1"><Exclamation /></span>
+								{/if} Datei
+							</span>
+						</label>
+						<div
+							class="mt-2 flex justify-center rounded-lg border border-dashed border-gray-900/25 px-6 py-10"
+						>
+							<div class="text-center">
+								<FileRect />
+								<div class="mt-4 flex text-sm leading-6 text-gray-600">
+									<label
+										for="file"
+										class="relative cursor-pointer rounded-md bg-white font-semibold text-indigo-600 focus-within:outline-none focus-within:ring-2 focus-within:ring-indigo-600 focus-within:ring-offset-2 hover:text-indigo-500"
+									>
+										<span>Wähle eine Datei aus</span>
+										<input id="file" bind:files name="file" type="file" class="sr-only" />
+									</label>
+									<p class="pl-1">oder ziehe sie ins Feld</p>
+								</div>
+								<p class="text-xs leading-5 text-gray-600">GLB Dateien bis zu 1GB</p>
+								{#if files?.length}
+									<div class="flex justify-center text-xs mt-2">
+										<p class="mx-2">Datei: <span class="font-bold">{files[0].name}</span></p>
+										<p class="mx-2">
+											Größe: <span class="font-bold">{shortenFileSize(files[0].size)}</span>
+										</p>
+									</div>
+								{/if}
+							</div>
+						</div>
+						{#if formErrors?.file}
+							<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.file}</p>
+						{/if}
+					</div>
+
+					<div class="mt-6 flex items-center justify-end gap-x-6">
+						<Button
+							on:click={buttonClick}
+							class="rounded-md bg-indigo-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
+						>
+							Hinzufügen
+						</Button>
+					</div>
+				</div>
+				</div>
+			</ExpandableForm>
+			</div>
+		{/if}
+
 		<Modal {open}
 			><ModalTitle>Umbenennen</ModalTitle><ModalContent>
 				{#if inProgress}
@@ -202,6 +454,21 @@ Mit freundlichen Grüßen,
 			</ModalContent>
 			<ModalFooter><Button disabled={inProgress} on:click={closeModal}>Ok</Button></ModalFooter>
 		</Modal>
+
+		<Modal open={openUL}
+			><ModalTitle>Upload</ModalTitle><ModalContent>
+				{#if inProgressUL}
+					<p class="py-2 mb-1">Upload läuft...</p>
+				{:else if etag}
+					<Alert class="w-full">Upload erfolgreich</Alert>
+				{:else}
+					<Alert class="w-full" type="error">Fehler beim Upload</Alert>
+				{/if}
+			</ModalContent>
+			<ModalFooter
+				><Button disabled={inProgressUL} on:click={uploadSuccessful}>Ok</Button></ModalFooter
+			>
+		</Modal>
 	</div>
 {/if}
 

src/routes/(token-based)/list/[vorgang]/+page.ts

@@ -1,25 +0,0 @@
-import { API_ROUTES } from '../../../index.js';
-
-export async function load({fetch, params, url}){
-    const  vorgangResponse = await fetch(API_ROUTES.LIST);
-     const vorgangList = await vorgangResponse.json()
-     const vorgangToken = params.vorgang;
-         const crimesListResponse = await fetch(API_ROUTES.VORGANG(vorgangToken))
-         const crimesList = await crimesListResponse.json();
-    const vorgang = vorgangList.find(v => v.vorgangToken === vorgangToken); //vorgang sollte ein eigener Typ werden, und dann kann man es hier vernünftig typisieren
-    if(!vorgang || !crimesList){
-  	throw new Error(`Fehlgeschlagen, es wurden keine Daten zum token gefunden`);
-    }
-
-	//Variabeln für NameItemEditor
-	const crimeNames: string[] = crimesList.map((l) => l.name);
-
-
-     return {
-      vorgang,
-      vorgangList,
-      crimesList,
-      url,
-      crimeNames
-     }
-}

src/routes/anmeldung/+page.server.ts

@@ -1,19 +1,23 @@
 import { dev } from '$app/environment';
-import { loginUser, logoutUser } from '$lib/server/authService';
-import { redirect } from '@sveltejs/kit';
+import { error, fail, redirect } from '@sveltejs/kit';
 import { ROUTE_NAMES } from '../index.js';
+import { vorgangPINValidation } from '$lib/server/vorgangService.js';
 
 export const actions = {
-	login: ({ request, cookies }) => loginUser({ request, cookies }),
-	logout: (event) => logoutUser(event),
-	getVorgangByToken: async ({ request, cookies }) => {
+	default: async ({ request, cookies }) => {
 		const data = await request.formData();
 		const vorgangToken = data.get('vorgang-token');
-		const vorgangPIN = data.get('vorgang-pin');
+		const vorgangPIN = data.get('vorgang-pin') as string;
 
-		if (!vorgangToken || !vorgangPIN) return;
+		if (!vorgangPIN) {
+			return fail(400, { message: 'Bitte einen PIN eingeben.'});
+		}
 
-		const COOKIE_NAME = `token-${vorgangToken}`
+		if (!vorgangPINValidation(vorgangToken, vorgangPIN)) {
+			return fail(400, { message: 'Falsche Zugangsdaten.'});
+		}
+
+		const COOKIE_NAME = `token-${vorgangToken}`;
 		cookies.set(COOKIE_NAME, vorgangPIN, {
 			path: '/',
 			httpOnly: true,
@@ -24,3 +28,8 @@ export const actions = {
 		throw redirect(303, ROUTE_NAMES.VORGANG(vorgangToken));
 	}
 } as const;
+
+export const load: PageServerLoad = async ({ url }) => {
+	const vorgang = url.searchParams.get('vorgang');
+	if (!vorgang) error(404, "Not Found");
+};

src/routes/anmeldung/+page.svelte

@@ -1,22 +1,15 @@
 <script lang="ts">
 	import BaseInputField from '$lib/components/BaseInputField.svelte';
 	import Button from '$lib/components/Button.svelte';
-	import Modal from '$lib/components/Modal/Modal.svelte';
-	import ModalContent from '$lib/components/Modal/ModalContent.svelte';
-	import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
-	import ModalTitle from '$lib/components/Modal/ModalTitle.svelte';
 	import ArrowRight from '$lib/icons/Arrow-right.svelte';
-	import Login from '$lib/icons/Login.svelte';
 
 	export let form;
-
-	export let open = false;
-
 	import { page } from '$app/state';
 	import { ROUTE_NAMES } from '../index.js';
 	const vorgangToken = page.url.searchParams.get('vorgang');
 </script>
 
+{#if vorgangToken}
 <div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
 	<div class="sm:mx-auto sm:w-full sm:max-w-sm">
 		<img class="mx-auto h-10 w-auto" src="/Landeswappen_NI.svg" alt="Landeswappen Niedersachsen" />
@@ -28,14 +21,9 @@
 	<div class="w-full max-w-sm mx-auto">
 		<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
 			<div class="mt-10">
-				<form action="{ROUTE_NAMES.ANMELDUNG_GET_VORGANG_BY_TOKEN}" method="POST">
-					<BaseInputField
-						id="vorgang-token"
-						name="vorgang-token"
-						label="Vorgangskennung"
-						type="text"
-						value={vorgangToken}
-					/>
+
+					<form method="POST">
+						<input type="hidden" name="vorgang-token" value={vorgangToken} />
 						<div class="mt-5">
 							<BaseInputField
 								id="vorgang-pin"
@@ -46,55 +34,17 @@
 								error={form?.error?.message}
 							/>
 						</div>
+						{#if form?.message}
+							<p class="block text-sm leading-6 text-red-900 mt-2">{form.message}</p>
+						{/if}
+
 						<div class="flex justify-end pt-4">
 							<Button type="submit"><ArrowRight /></Button>
 						</div>
 					</form>
-			</div>
-		</div>
-		<div class="flex justify-end mt-10 px-3">
-			<Button on:click={() => (open = true)}><Login /></Button>
-		</div>
-	</div>
-</div>
-<Modal {open}>
-	<ModalTitle>Anmelden</ModalTitle>
-	<ModalContent class="flex justify-center">
-		<form action="{ROUTE_NAMES.ANMELDUNG_LOGIN}" method="POST">
-			<div>
-				<label for="user" class="text-sm font-medium leading-6 text-gray-900">Kennung</label>
-				<div class="mt-2">
-					<input
-						id="user"
-						name="user"
-						type="text"
-						autocomplete="email"
-						required
-						class="rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
-					/>
-				</div>
-			</div>
 
-			<div>
-				<label for="password" class="block text-sm font-medium leading-6 text-gray-900"
-					>Passwort</label
-				>
-				<div class="mt-2">
-					<input
-						id="password"
-						name="password"
-						type="password"
-						autocomplete="current-password"
-						required
-						class="block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
-					/>
 			</div>
 		</div>
-
-			<div class="flex justify-end">
-				<Button type="submit" class="mt-5">Anmelden</Button>
 	</div>
-		</form>
-	</ModalContent>
-	<ModalFooter><Button on:click={() => (open = false)}>Ok</Button></ModalFooter>
-</Modal>
+</div>
+{/if}

src/routes/api/list/+server.ts

@@ -1,7 +1,6 @@
 import { getVorgaenge } from '$lib/server/vorgangService';
 
-export async function GET({ locals }) {
-
+export async function GET() {
 	const vorgaenge = getVorgaenge();
 
 	return new Response(JSON.stringify(vorgaenge), {

src/routes/api/list/[vorgang]/+server.ts

@@ -1,8 +1,10 @@
 import { BUCKET, client } from '$lib/minio';
+import { json } from '@sveltejs/kit';
 import {
 	deleteVorgangByToken,
 	getCrimesListByToken,
-	vorgangNameExists
+	vorgangNameExists,
+	updateVorgangAttrByToken
 } from '$lib/server/vorgangService';
 
 export async function DELETE({ params }) {
@@ -43,8 +45,7 @@ export async function HEAD({ params }) {
 	}
 }
 
-export async function GET({ params, locals }) {
-
+export async function GET({ params }) {
 	try {
 		const vorgangToken = params.vorgang;
 		const crimesList = await getCrimesListByToken(vorgangToken);
@@ -57,3 +58,31 @@ export async function GET({ params, locals }) {
 		return new Response(null, { status: 500 });
 	}
 }
+
+// change Vorgang properties
+export async function PUT({ request }) {
+	const data = await request.json();
+	
+	const vorgangToken = data['vorgangToken'];
+
+	const changePIN = data['changePIN'];
+
+	let attrChanged;
+	let newValue;
+	
+	if (changePIN) {
+		attrChanged = 'pin';
+		newValue = data['newVorgangPIN']
+	} else {
+		attrChanged = 'name';
+		newValue = data['newName']
+	}
+
+	const res = updateVorgangAttrByToken(vorgangToken, newValue, attrChanged);
+	
+	if (!res) {
+		return json({ msg: 'Fehler beim Umbenennen' }, { status: 400 });
+	}
+
+	return json({ success: 'success' }, { status: 200 });
+}

src/routes/api/list/[vorgang]/[tatort]/+server.ts

@@ -24,7 +24,7 @@ export async function GET() {
 	});
 }
 
-export async function DELETE({ request }: { request: Request }) {
+export async function DELETE({ request }) {
 	const url_fragments = request.url.split('/');
 	const item = url_fragments.at(-1);
 	const vorgang = url_fragments.at(-2);

src/routes/api/users/+server.ts

@@ -4,21 +4,14 @@ import bcrypt from 'bcrypt';
 
 const saltRounds = 12;
 
-export function GET({ locals }) {
-	if (!locals.user) {
-		return json({ error: 'Unauthorized' }, { status: 401 });
-	}
+export function GET() {
 
 	const userList = getUsers();
 
 	return new Response(JSON.stringify(userList));
 }
 
-export async function POST({ request, locals }) {
-	if (!locals.user) {
-		return json({ error: 'Unauthorized' }, { status: 401 });
-	}
-
+export async function POST({ request }) {
 	const data = await request.json();
 	const userName = data.userName;
 	const userPassword = data.userPassword;

src/routes/api/users/[user]/+server.ts

@@ -1,11 +1,6 @@
-import { json } from '@sveltejs/kit';
 import { deleteUser } from '$lib/server/userService';
 
-export async function DELETE({ params, locals }) {
-	if (!locals.user) {
-		return json({ error: 'Unauthorized' }, { status: 401 });
-	}
-
+export async function DELETE({ params }) {
 	const userId = params.user;
 	const rowCount = deleteUser(userId);
 

src/routes/index.ts

@@ -16,8 +16,8 @@ export const ROUTE_NAMES = {
 
 	// Anmeldung: actions
 	ANMELDUNG: '/anmeldung',
-	ANMELDUNG_LOGIN: '/anmeldung?/login',
-	ANMELDUNG_LOGOUT: '/anmeldung?/logout',
+	LOGIN: '/?/login',
+	LOGOUT: '/?/logout',
 	ANMELDUNG_GET_VORGANG_BY_TOKEN: '/anmeldung?/getVorgangByToken',
 	ANMELDUNG_VORGANG_PARAM: (vorgangToken: string) => `/anmeldung?vorgang=${vorgangToken}`
 };
@@ -36,3 +36,6 @@ export const API_ROUTES = {
 	USERS: '/api/users',
 	USER: (userId: string) => `/api/users/${userId}`
 };
+
+const isProd = process.env.NODE_ENV == 'production';
+export const DB_FULLPATH = !isProd ? './src/lib/data/tatort.db' : '/daten/tatort.db';

tests/api/API_Protection.test.ts

@@ -0,0 +1,37 @@
+import { describe, test, expect, vi } from 'vitest';
+import { handle } from '../../src/hooks.server';
+
+const event = {
+    url: new URL("http://localhost/api/list"),
+    cookies: { get: vi.fn(() => null) },
+    locals: {user: null}
+};
+
+vi.mock('$lib/auth', () => ({
+    decryptToken: vi.fn()
+}));
+
+describe('API-Endpoints: Zugangs-Mechanismus', () => {
+    test('Unautorisierter Zugriff', async () => {
+        const resolve = vi.fn();
+
+        const response = await handle({ event, resolve });
+
+        expect(response.status).toBe(401);
+        const body = await response.json();
+        expect(body.error).toBe('Unauthorized');
+        expect(resolve).not.toHaveBeenCalled();
+    });
+
+    test('Authentifizierter Zugriff', async () => {
+        event.locals = {user: { id: 'admin', admin: true }}
+
+        const resolve = vi.fn(() => new Response('ok', { status: 200 }));
+
+        const response = await handle({ event, resolve });
+
+        expect(response.status).toBe(200);
+        expect(await response.text()).toBe('ok');
+        expect(resolve).toHaveBeenCalled();
+    });
+})

tests/api/List.test.ts

@@ -14,21 +14,6 @@ const event = {
 };
 
 describe('API-Endpoints: list', () => {
-	test.skip('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const json = await response.json();
-		const errorObj = { error: 'Unauthorized' };
-		expect(json).toEqual(errorObj);
-	});
-
 	test('Leere Liste wenn keine Vorgänge existieren', async () => {
 		vi.mocked(getVorgaenge).mockReturnValueOnce([]);
 

tests/api/ListVorgang.test.ts

@@ -31,21 +31,6 @@ const MockEvent = {
 };
 
 describe('API-Endpoints: list/[vorgang]', () => {
-	test.skip('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const json = await response.json();
-		const errorObj = { error: 'Unauthorized' };
-		expect(json).toEqual(errorObj);
-	});
-
 	test('Vorgang ohne Tatorte', async () => {
 		const testCrimesList = [];
 

tests/api/ListVorgangTatort.test.ts

@@ -1,6 +1,7 @@
 import { describe, test, expect, vi } from 'vitest';
 import { DELETE, PUT } from '$root/routes/api/list/[vorgang]/[tatort]/+server';
 import { BUCKET, client } from '$lib/minio';
+import { baseData } from '../fixtures';
 
 // Mock data and methods
 const fakeVorgangToken = `c399423a-ba37-4fe1-bbdf-80e5881168ff`;
@@ -22,7 +23,8 @@ vi.mock('$lib/minio', () => ({
 describe('API-Endpoints: list/[vorgang]/[tatort]', () => {
 	test('Löschen von Tatorten', async () => {
 		const request = new Request(fakeCrimeAPIURL);
-		const response = await DELETE({ request });
+		const locals = { user: baseData.user }
+		const response = await DELETE({ locals, request });
 
 		expect(client.removeObject).toHaveBeenCalledWith(BUCKET, fakeCrimePath);
 
@@ -40,11 +42,12 @@ describe('API-Endpoints: list/[vorgang]/[tatort]', () => {
 			})
 		});
 		const params = { vorgang: fakeVorgangToken };
+		const locals = { user: baseData.user }
 
 		// Mock Datei nicht gefunden
 		client.statObject.mockRejectedValueOnce(new Error('NotFound'));
 
-		const response = await PUT({ params, request });
+		const response = await PUT({ locals, params, request });
 
 		const fakeCrimeNewPath = `${fakeVorgangToken}/${fakeCrimeNewName}`;
 		expect(client.statObject).toHaveBeenCalledWith(BUCKET, fakeCrimeNewPath);
@@ -62,9 +65,10 @@ describe('API-Endpoints: list/[vorgang]/[tatort]', () => {
 				newName: ''
 			})
 		});
+		const locals = { user: baseData.user }
 		const params = { vorgang: fakeVorgangToken };
 
-		const response = await PUT({ params, request });
+		const response = await PUT({ locals, params, request });
 		expect(response.status).toBe(400);
 	});
 
@@ -77,11 +81,12 @@ describe('API-Endpoints: list/[vorgang]/[tatort]', () => {
 			})
 		});
 		const params = { vorgang: fakeVorgangToken };
+		const locals = { user: baseData.user }
 
 		// Datei existiert bereits
 		client.statObject.mockResolvedValueOnce({});
 
-		const response = await PUT({ params, request });
+		const response = await PUT({ locals, params, request });
 
 		expect(response.status).toBe(400);
 

tests/api/Users.test.ts

@@ -16,21 +16,6 @@ vi.mock('bcrypt', () => ({
 }));
 
 describe('API-Endpoint: Users', () => {
-	test('Unerlaubter Zugriff', async () => {
-		const event = {
-			locals: {
-				user: null
-			}
-		};
-
-		const response = await GET(event);
-		expect(response.status).toBe(401);
-
-		const errorMessage = { error: 'Unauthorized' };
-		const json = await response.json();
-		expect(json).toEqual(errorMessage);
-	});
-
 	// [INFO] Test auf keine User nicht notwendig, da immer min. ein User vorhanden
 
 	// Mock eingelogter User bzw. stelle locals.user zur Verfügung

tests/api/VorgangVorgangPIN.test.ts

@@ -1,9 +1,11 @@
 import { describe, test, expect, vi } from 'vitest';
 import { GET } from '$root/routes/api/vorgang/[vorgang]/vorgangPIN/+server';
 import { db } from '$lib/server/dbService';
+import { baseData } from '../fixtures';
 
 const mockEvent = {
-	params: { vorgang: '123' }
+	params: { vorgang: '123' },
+	locals: { user: baseData.user }
 };
 
 vi.mock('$lib/server/dbService', () => ({

tests/components/NameItemEditor.test.ts

@@ -18,7 +18,13 @@ describe('NameItemEditor - Funktionalität', () => {
 		onDelete
 	};
 
-	test.todo('FocusIn nach Klick auf edit');
+	test('Focus Input nach Klick auf edit', async () => {
+        render(NameItemEditor, { props: baseProps });
+        await fireEvent.click(screen.getByTestId('edit-button'));
+        const input = screen.getByTestId('test-input');
+
+        expect(document.activeElement).toBe(input);
+	});
 
 	it('zeigt initial Edit/Delete Buttons und aktuellen Namen', () => {
 		render(NameItemEditor, { props: baseProps });
@@ -87,7 +93,7 @@ describe('NameItemEditor - Funktionalität', () => {
 		expect(onSave).not.toHaveBeenCalled();
 	});
 
-	it('ruft onSave korrekt auf bei gültigem Namen', async () => {
+	it('ruft onSave korrekt auf bei gültigem Namen: Tatort/Crime', async () => {
 		render(NameItemEditor, { props: baseProps });
 		await fireEvent.click(screen.getByTestId('edit-button'));
 
@@ -95,7 +101,7 @@ describe('NameItemEditor - Funktionalität', () => {
 		await fireEvent.input(input, { target: { value: testLocalName } });
 		await fireEvent.click(screen.getByTestId('commit-button'));
 
-		expect(onSave).toHaveBeenCalledWith(testLocalName, testCurrentName);
+		expect(onSave).toHaveBeenCalledWith(testLocalName, testCurrentName, undefined);
 	});
 
 	it('ruft onDelete korrekt auf', async () => {
@@ -117,7 +123,7 @@ describe('NameItemEditor - Funktionalität', () => {
 		expect(screen.getByTestId('edit-button')).toBeInTheDocument();
 	});
 
-	it('triggert Save bei Enter-Taste', async () => {
+	it('triggert Save bei Enter-Taste: Tatort/Crime', async () => {
 		render(NameItemEditor, { props: baseProps });
 		await fireEvent.click(screen.getByTestId('edit-button'));
 
@@ -125,7 +131,7 @@ describe('NameItemEditor - Funktionalität', () => {
 		await fireEvent.input(input, { target: { value: 'ViaEnter' } });
 		await fireEvent.keyDown(input, { key: 'Enter' });
 
-		expect(onSave).toHaveBeenCalledWith('ViaEnter', testCurrentName);
+		expect(onSave).toHaveBeenCalledWith('ViaEnter', testCurrentName, undefined);
 	});
 
 	it('bricht ab bei Escape-Taste', async () => {

tests/fixtures.ts

@@ -41,7 +41,7 @@ export const baseData = {
 	vorgang: testVorgangsList[0],
 	vorgangList: testVorgangsList,
 	crimesList: testCrimesList,
-	url: `https://example.com/list/${testVorgangsList[0].vorgangToken}`,
+	url: new URL(`https://example.com/list/${testVorgangsList[0].vorgangToken}`),
 	crimeNames: ['modell-A', 'Fall-A']
 };
 

tests/views/Anmeldung.test.ts

@@ -1,16 +1,18 @@
 import { describe, it, expect, vi } from 'vitest';
-import { actions } from '$root/routes/anmeldung/+page.server';
-import { load } from '$root/routes/(token-based)/+layout.server'
+// import { actions } from '$root/routes/anmeldung/+page.server';
+// import { load } from '$root/routes/(token-based)/+layout.server'
+import { actions } from '../../src/routes/anmeldung/+page.server';
+import { load } from '../../src/routes/(token-based)/+layout.server';
 
 import { baseData } from '../fixtures';
 import { ROUTE_NAMES } from '../../src/routes';
 import { dev } from '$app/environment';
 import { vorgangExists, vorgangPINValidation } from '$lib/server/vorgangService';
-import { Redirect } from '@sveltejs/kit';
+import type { Redirect } from '@sveltejs/kit';
 
 vi.mock('$lib/server/vorgangService', () => ({
 	vorgangExists: vi.fn(),
-  vorgangPINValidation: vi.fn(),
+	vorgangPINValidation: vi.fn()
 }));
 
 describe('Vorgang Anzeige via Token', () => {
@@ -25,6 +27,7 @@ describe('Vorgang Anzeige via Token', () => {
 		const mockRequest = {
 			formData: vi.fn().mockResolvedValue(formData)
 		};
+		vi.mocked(vorgangPINValidation).mockReturnValueOnce(true);
 
 		const cookiesSet = vi.fn();
 
@@ -37,7 +40,7 @@ describe('Vorgang Anzeige via Token', () => {
 
 		let thrownRedirect: Redirect | undefined;
 		try {
-      await actions.getVorgangByToken(event);
+			await actions.default(event);
 		} catch (e) {
 			thrownRedirect = e as Redirect;
 		}
@@ -47,7 +50,7 @@ describe('Vorgang Anzeige via Token', () => {
 		expect(thrownRedirect?.location).toBe(ROUTE_NAMES.VORGANG(vorgObj.vorgangToken));
 
 		// Cookie wurde gesetzt
-    const COOKIE_NAME = `token-${vorgObj.vorgangToken}`
+		const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
 		expect(cookiesSet).toHaveBeenCalledWith(COOKIE_NAME, vorgObj.vorgangPIN, {
 			path: '/',
 			httpOnly: true,
@@ -58,11 +61,38 @@ describe('Vorgang Anzeige via Token', () => {
 
 	it('Schlägt fehl wenn keine Daten übergeben werden', async () => {
 		const formData = new FormData(); // no data
+		const mockRequest = {
+			formData: vi.fn().mockResolvedValue(formData)
+		};
+		const cookiesSet = vi.fn();
+		const event = {
+			request: mockRequest,
+			cookies: {
+				set: cookiesSet
+			}
+		};
+		const result = await actions.default(event);
+		expect(result.status).toBe(400);
+		expect(result.data.message).toMatch(/PIN eingeben/i);
+		// Cookie wird nicht gesetzt
+		expect(cookiesSet).not.toHaveBeenCalled();
+	});
+
+	it('Falsche PIN', async () => {
+		// Mock formData
+		const vorgObj = baseData.vorgang;
+
+		const formData = new FormData();
+		formData.set('vorgang-token', vorgObj.vorgangToken);
+		formData.set('vorgang-pin', vorgObj.vorgangPIN);
 
 		const mockRequest = {
 			formData: vi.fn().mockResolvedValue(formData)
 		};
 
+		// PIN-Validierung nicht erfolgreich
+		vi.mocked(vorgangPINValidation).mockReturnValueOnce(false);
+
 		const cookiesSet = vi.fn();
 
 		const event = {
@@ -72,26 +102,26 @@ describe('Vorgang Anzeige via Token', () => {
 			}
 		};
 
-    const result = await actions.getVorgangByToken(event);
-
-    expect(result).toBeUndefined();
-
-    // Cookie wird nicht gesetzt
-    expect(cookiesSet).not.toHaveBeenCalled();
+		const result = await actions.default(event);
+		expect(result.status).toBe(400);
+		expect(result.data.message).toMatch(/Falsch/i);
 	});
+
+	// Nicht vorhandener Vorgang-Token nicht notwendig, da PIN-Check
+	// entsprechend fehlerhaft
+	it.skip('Nicht vorhandener Vorgang-Token', () => {});
 });
 
 describe('Teste Guard', () => {
 	it('Lese Cookie aus', async () => {
 		const vorgObj = baseData.vorgang;
 
-    const COOKIE_NAME = `token-${vorgObj.vorgangToken}`
+		const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
 		const cookiesGet = vi.fn().mockImplementation((key: string) => {
 			if (key === COOKIE_NAME) return vorgObj.vorgangPIN;
 			return undefined;
 		});
 
-
 		// mocked objects
 		const event = {
 			cookies: {
@@ -111,13 +141,12 @@ describe('Teste Guard', () => {
 	it('Kein Cookie gesetzt', async () => {
 		const vorgObj = baseData.vorgang;
 
-    const COOKIE_NAME = `token-${vorgObj.vorgangToken}`
+		const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
 		const cookiesGet = vi.fn().mockImplementation((key: string) => {
 			if (key === COOKIE_NAME) return vorgObj.vorgangPIN;
 			return undefined;
 		});
 
-
 		// mocked objects
 		const event = {
 			cookies: {
@@ -132,12 +161,14 @@ describe('Teste Guard', () => {
 		let thrownRedirect;
 		try {
 			await load(event);
-      throw new Error('Function did not throw')
+			throw new Error('Function did not throw');
 		} catch (e) {
 			thrownRedirect = e;
 		}
 		expect(thrownRedirect?.status).toBe(303);
-    expect(thrownRedirect?.location).toBe(ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgObj.vorgangToken));
+		expect(thrownRedirect?.location).toBe(
+			ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgObj.vorgangToken)
+		);
 
 		expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME);
 	});

tests/views/Home.view.test.ts

@@ -13,9 +13,8 @@ describe('Home-Page View', () => {
 		expect(linkElement).toBeInTheDocument();
 		expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.LIST);
 
-		linkElement = screen.getByText('Hinzufügen');
-		expect(linkElement).toBeInTheDocument();
-		expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.UPLOAD);
+		linkElement = screen.queryByText('Hinzufügen');
+		expect(linkElement).not.toBeInTheDocument();
 
 		linkElement = screen.getByText('Benutzerverwaltung');
 		expect(linkElement).toBeInTheDocument();

tests/views/Layout.test.ts

@@ -4,20 +4,15 @@ import { ROUTE_NAMES } from '../../src/routes';
 import { baseData, mockEvent } from '../fixtures';
 
 describe('+layout.server load(): Teste korrekte URL', () => {
-	test('Werfe redirect zu /anmeldung wenn User nicht eingeloggt', async () => {
+	test('Werfe keinen Redirect und gebe nichts zurück', async () => {
 		const mockEvent = {
 			locals: {
 				user: null
 			},
 			url: new URL(`https://example.com/not-anmeldung`)
 		};
-		try {
-			load(mockEvent);
-			throw new Error('Expected load() to throw');
-		} catch (err) {
-			expect(err.status).toBe(303);
-			expect(err.location).toBe(ROUTE_NAMES.ANMELDUNG);
-		}
+		const res = load(mockEvent);
+		expect(res).toBe(undefined);
 	});
 });
 

tests/views/TatortList.test.ts

@@ -9,11 +9,46 @@ import { API_ROUTES } from '../../src/routes';
 vi.spyOn(nav, 'invalidateAll').mockResolvedValue();
 global.fetch = vi.fn().mockResolvedValue({ ok: true });
 
+async function clickPlusButton() {
+  // mock animation features of the browser
+
+  window.HTMLElement.prototype.scrollIntoView = vi.fn();
+  window.HTMLElement.prototype.animate = vi.fn(() => ({
+    finished: Promise.resolve(),
+    cancel: vi.fn(),
+  }))
+
+  // button is visible
+  const button = screen.getByRole('button', { name: /add item/i })
+  expect(button).toBeInTheDocument();
+
+  await fireEvent.click(button)
+}
 
 describe('Seite: Vorgangsansicht', () => {
-  test.todo('Share Link disabled wenn Liste leer');
+  test('Share Link disabled wenn Liste leer', () => {
+    const testData = { ...baseData, crimesList: [] };
+    render(TatortListPage, { props: { data: testData } });
+
+    const button = screen.getByRole('button', { name: /share link/i });
+    expect(button).toBeInTheDocument()
+    expect(button).toBeDisabled();
+  });
+
   describe('Szenario: Admin + Liste gefüllt - Funktionalität', () => {
-    test.todo('Share Link Link generierung richtig');
+    test('Share Link Link generierung richtig', () => {
+        const testData = { ...baseData};
+
+        render(TatortListPage, { props: { data: testData } });
+
+        const link = screen.getByRole('link', { name: /share link/i });
+        expect(link).toBeInTheDocument()
+
+        // const vorgangTokenFirstUUIDGroup = testData.vorgangList[0].vorgangToken.split('-')[0]
+        const vorgangURL = testData.url.toString()
+        const vorgangURLEncoded = encodeURIComponent(vorgangURL)
+        expect(link).toHaveAttribute('href', expect.stringContaining(vorgangURLEncoded));
+    });
 
     it('führt PUT-Request aus und aktualisiert UI nach onSave', async () => {
       const data = structuredClone(baseData);
@@ -83,3 +118,42 @@ describe('Seite: Vorgangsansicht', () => {
     });
   });
 });
+
+
+describe('Hinzufügen Button', () => {
+  it('Unexpandierter Button', () => {
+    const testData = { ...baseData, vorgangList: [] };
+    const { getByTestId } = render(TatortListPage, { props: { data: testData } });
+
+    const container = getByTestId('expand-container')
+    expect(container).toBeInTheDocument();
+
+    // button is visible
+    const button = within(container).getByRole('button')
+    expect(button).toBeInTheDocument();
+
+    // input fields are not visible
+    let label = screen.queryByText('Modellname');
+    expect(label).not.toBeInTheDocument();
+  });
+
+  it('Expandierter Button nach Klick', async () => {
+
+    const testData = { ...baseData, vorgangList: [] };
+    render(TatortListPage, { props: { data: testData } });
+
+    await clickPlusButton();
+
+    // input fields are visible
+    let label = screen.queryByText('Modellname');
+    expect(label).toBeInTheDocument();
+  });
+
+  it.todo('Check Validation: missing name', async () => {
+    console.log(`test: input field validation`);
+  });
+
+  it.todo('Create Tatort successful', async () => {
+    console.log(`test: tatort upload`);
+  });
+});

tests/views/TatortList.view.test.ts

@@ -100,4 +100,16 @@ describe('Seite: Vorgangsansicht', () => {
 			expect(linkElement).toHaveAttribute('href', expectedURL);
 		});
 	});
+
+	describe('PIN Anzeige & Button', () => {
+		it('Teste korrekte Anzeige von PIN Komponente', () => {
+			const testData = { ...baseData};
+			render(TatortListPage, { props: { data: testData } });
+			const vorgObj = baseData.vorgangList[0]
+
+			// PIN is being displayed within ´NameItemEditor´
+			let label = screen.queryByText(vorgObj.vorgangPIN);
+			expect(label).toBeInTheDocument();
+		});
+	});
 });

tests/views/VorgangList.view.test.ts

@@ -1,8 +1,18 @@
-import { render, screen, within } from '@testing-library/svelte';
-import { describe, expect, it } from 'vitest';
+import { render, fireEvent, screen, within } from '@testing-library/svelte';
+import { describe, expect, it, vi } from 'vitest';
 import VorgangListPage from '$root/routes/(angemeldet)/list/+page.svelte';
 import { baseData } from '../fixtures';
 import { ROUTE_NAMES } from '../../src/routes';
+import { actions } from '../../src/routes/(angemeldet)/list/+page.server';
+import { createVorgang } from '$lib/server/vorgangService';
+
+// mock animation features of the browser
+
+window.HTMLElement.prototype.scrollIntoView = vi.fn();
+window.HTMLElement.prototype.animate = vi.fn(() => ({
+	finished: Promise.resolve(),
+													cancel: vi.fn(),
+}))
 
 describe('Vorgänge Liste Page EmptyList-Komponente View', () => {
 	it('zeigt EmptyList-Komponente an, wenn Liste leer ist', () => {
@@ -43,3 +53,132 @@ describe('Teste Links auf Korrektheit', () => {
 		expect(linkElement.getAttribute('href')?.toLowerCase()).not.toContain('pin');
 	});
 });
+
+async function clickPlusButton() {
+	// button is visible
+	const button = screen.getByTestId('expand-button')
+	expect(button).toBeInTheDocument();
+
+	await fireEvent.click(button)
+}
+
+async function inputVorgang() {
+	const input = document.getElementById("vorgang");
+	input.value = 'test-vorgang';
+	// firing the event manually for Svelte
+	await fireEvent.input(input)
+
+	expect(input).toHaveValue('test-vorgang');
+}
+
+async function inputVorgangPIN() {
+	const input = document.getElementById("pin");
+	input.value = 'test-pin';
+	// firing the event manually for Svelte
+	await fireEvent.input(input)
+
+	expect(input).toHaveValue('test-pin');
+}
+
+
+describe('Hinzufügen Buton', () => {
+	it('Unexpandierter Button', () => {
+		const testData = { ...baseData, vorgangList: [] };
+		const { getByTestId } = render(VorgangListPage, { props: { data: testData } });
+
+		const container = getByTestId('expand-container')
+		expect(container).toBeInTheDocument();
+
+		// button is visible
+		const button = within(container).getByRole('button')
+		expect(button).toBeInTheDocument();
+
+		// input fields are not visible
+		let label = screen.queryByText('Vorgangsname');
+		expect(label).not.toBeInTheDocument();
+	});
+
+	it('Expandierter Button nach Klick', async () => {
+
+		const testData = { ...baseData, vorgangList: [] };
+		render(VorgangListPage, { props: { data: testData } });
+
+		await clickPlusButton()
+
+		// input fields are visible
+		let label = screen.queryByText('Vorgangsname');
+		expect(label).toBeInTheDocument();
+	});
+
+	it('Check Validation: missing PIN', async () => {
+
+		const testData = { ...baseData, vorgangList: [] };
+		render(VorgangListPage, { props: { data: testData } });
+
+		await clickPlusButton()
+
+		// input
+		inputVorgang();
+
+		// submit
+		const button = screen.getByText('Neuen Vorgang hinzufügen')
+		expect(button).toBeInTheDocument()
+		await fireEvent.click(button);
+		const errorMsg = 'Bitte einen Vorgangs-PIN eingeben.';
+		let para = await screen.getByText(errorMsg);
+		expect(para).toBeInTheDocument();
+	});
+
+	it('Create Vorgang successful', async () => {
+
+		const testData = { ...baseData, vorgangList: [] };
+		render(VorgangListPage, { props: { data: testData } });
+
+		await clickPlusButton();
+
+		// input fields are visible
+		let label = screen.queryByText('Vorgangsname');
+		expect(label).toBeInTheDocument();
+
+		inputVorgang();
+		inputVorgangPIN();
+
+		// emulate button click
+		const button = screen.getByText('Neuen Vorgang hinzufügen');
+		expect(button).toBeInTheDocument();
+		await fireEvent.click(button);
+
+		// no error message
+		label = screen.queryByText('Bitte');
+		expect(label).not.toBeInTheDocument();
+	});
+
+	it('Test default action', async () => {
+		vi.mock('$lib/server/vorgangService', () => ({
+			createVorgang: vi.fn(),
+		}));
+
+		const formData = new FormData(); // no data as we are mocking createVorgang
+		const mockRequest = {
+			formData: vi.fn().mockResolvedValue(formData)
+		};
+		const event = {
+			request: mockRequest,
+		};
+
+		const testVorgangToken = 'c322f26f-8c5e-4cb9-94b3-b5433bf5109e'
+		vi.mocked(createVorgang).mockReturnValueOnce(testVorgangToken);
+		const result = await actions.default(event);
+		expect(result).toEqual({ token: testVorgangToken });
+	});
+});
+
+describe('Vorgang-Operationen', () => {
+	it('Teste korrekte Anzeige von Vorgang-Input Komponente', () => {
+		const testData = { ...baseData};
+		const { getAllByTestId } = render(VorgangListPage, { props: { data: testData } });
+
+		let buttons = getAllByTestId('edit-button')
+		expect(buttons.length).toBeGreaterThan(1);
+	});
+});