Initial commit: Lageplan v1.0 - Next.js 15.5, React 19

src/app/api/projects/[id]/features/route.ts

@@ -0,0 +1,139 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { prisma } from '@/lib/db'
+import { featureSchema } from '@/lib/validations'
+import { getProjectWithTenantCheck } from '@/lib/tenant'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    const project = await getProjectWithTenantCheck(params.id, user)
+    if (!project) {
+      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+    }
+
+    const features = await (prisma as any).feature.findMany({
+      where: { projectId: params.id },
+      orderBy: { createdAt: 'asc' },
+    })
+
+    return NextResponse.json({ features })
+  } catch (error) {
+    console.error('Error fetching features:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    if (user.role === 'VIEWER') {
+      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
+    }
+
+    const project = await getProjectWithTenantCheck(params.id, user)
+    if (!project) {
+      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+    }
+
+    if (project.isLocked && user.role !== 'SERVER_ADMIN') {
+      return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 })
+    }
+
+    const body = await request.json()
+    const validated = featureSchema.safeParse(body)
+    
+    if (!validated.success) {
+      return NextResponse.json(
+        { error: 'Ungültige Eingabedaten', details: validated.error.flatten() },
+        { status: 400 }
+      )
+    }
+
+    const feature = await (prisma as any).feature.create({
+      data: {
+        projectId: params.id,
+        type: validated.data.type,
+        geometry: validated.data.geometry,
+        properties: validated.data.properties || {},
+      },
+    })
+
+    return NextResponse.json({ feature }, { status: 201 })
+  } catch (error) {
+    console.error('Error creating feature:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    if (user.role === 'VIEWER') {
+      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
+    }
+
+    const project = await getProjectWithTenantCheck(params.id, user)
+    if (!project) {
+      const exists = await (prisma as any).project.findUnique({ where: { id: params.id }, select: { id: true, tenantId: true, ownerId: true } })
+      if (!exists) {
+        console.warn(`[Features PUT] Project ${params.id} not in DB`)
+        return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+      }
+      console.warn(`[Features PUT] Access denied: user=${user.id} tenant=${user.tenantId}, project owner=${exists.ownerId} tenant=${exists.tenantId}`)
+      return NextResponse.json({ error: 'Keine Berechtigung für dieses Projekt' }, { status: 403 })
+    }
+
+    if (project.isLocked && user.role !== 'SERVER_ADMIN') {
+      return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 })
+    }
+
+    const body = await request.json()
+    const { features } = body as { features: Array<{ id?: string; type: string; geometry: object; properties?: object }> }
+
+    await (prisma as any).feature.deleteMany({
+      where: { projectId: params.id },
+    })
+
+    if (features && features.length > 0) {
+      await (prisma as any).feature.createMany({
+        data: features.map((f: any) => ({
+          projectId: params.id,
+          type: f.type,
+          geometry: f.geometry,
+          properties: f.properties || {},
+        })),
+      })
+    }
+
+    const updatedFeatures = await (prisma as any).feature.findMany({
+      where: { projectId: params.id },
+    })
+
+    return NextResponse.json({ features: updatedFeatures })
+  } catch (error) {
+    console.error('Error updating features:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}