--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/client/src/store/user.js	Tue Oct 30 16:55:29 2018 +0100
@@ -0,0 +1,96 @@
+/*
+ * This is Free Software under GNU Affero General Public License v >= 3.0
+ * without warranty, see README.md and license for details.
+ * 
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ * License-Filename: LICENSES/AGPL-3.0.txt
+ * 
+ * Copyright (C) 2018 by via donau 
+ *   – Österreichische Wasserstraßen-Gesellschaft mbH
+ * Software engineering by Intevation GmbH
+ * 
+ * Author(s):
+ * Thomas Junk <thomas.junk@intevation.de>
+ */
+
+import { HTTP } from "../application/lib/http";
+
+const User = {
+  namespaced: true,
+  state: {
+    authenticated: false,
+    expires: null,
+    roles: [],
+    user: ""
+  },
+  getters: {
+    isAuthenticated: state => {
+      return state.authenticated;
+    },
+    userinfo: state => {
+      return state.user;
+    },
+    roles: state => {
+      return state.roles;
+    },
+    expires: state => {
+      return state.expires;
+    },
+    isWaterwayAdmin: state => {
+      return state.roles.includes("waterway_admin");
+    },
+    isSysAdmin: state => {
+      return state.roles.includes("sys_admin");
+    }
+  },
+  mutations: {
+    auth_success: (state, data) => {
+      const { token, user, expires, roles } = data;
+      localStorage.setItem("expires", expires);
+      localStorage.setItem("roles", roles);
+      localStorage.setItem("token", token);
+      localStorage.setItem("user", user);
+      state.expires = expires;
+      state.roles = roles;
+      state.user = user;
+      state.authenticated = true;
+    },
+    clear_auth: state => {
+      state.authenticated = false;
+      state.expires = null;
+      state.roles = [];
+      state.user = "";
+      localStorage.clear();
+    },
+    set_user: (state, name) => {
+      state.user = name;
+    },
+    set_roles: (state, roles) => {
+      state.roles = roles;
+    },
+    set_expires: (state, expires) => {
+      state.expires = expires;
+    },
+    set_authenticate: state => {
+      state.authenticated = true;
+    }
+  },
+  actions: {
+    login({ commit }, user) {
+      // using POST is a bit more secure than GET
+      return new Promise((resolve, reject) => {
+        HTTP.post("/login", user)
+          .then(response => {
+            commit("auth_success", response.data);
+            resolve(response);
+          })
+          .catch(error => {
+            commit("clear_auth");
+            reject(error);
+          });
+      });
+    }
+  }
+};
+
+export default User;