Initial commit: Lageplan v1.0 - Next.js 15.5, React 19

2026-02-21 11:57:44 +01:00
commit adf3dc8c1d
167 changed files with 34265 additions and 0 deletions
--- a/src/app/api/projects/[id]/route.ts
+++ b/src/app/api/projects/[id]/route.ts
@@ -0,0 +1,110 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { prisma } from '@/lib/db'
+import { projectSchema } from '@/lib/validations'
+import { getProjectWithTenantCheck } from '@/lib/tenant'
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    const projectBase = await getProjectWithTenantCheck(params.id, user)
+    if (!projectBase) {
+      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+    }
+
+    // Re-fetch with includes
+    const project = await (prisma as any).project.findUnique({
+      where: { id: params.id },
+      include: {
+        owner: {
+          select: { id: true, name: true, email: true },
+        },
+        features: true,
+      },
+    })
+
+    return NextResponse.json({ project })
+  } catch (error) {
+    console.error('Error fetching project:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    if (user.role === 'VIEWER') {
+      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
+    }
+
+    const existingProject = await getProjectWithTenantCheck(params.id, user)
+    if (!existingProject) {
+      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+    }
+
+    const body = await request.json()
+    const validated = projectSchema.partial().safeParse(body)
+    
+    if (!validated.success) {
+      return NextResponse.json(
+        { error: 'Ungültige Eingabedaten', details: validated.error.flatten() },
+        { status: 400 }
+      )
+    }
+
+    const project = await (prisma as any).project.update({
+      where: { id: params.id },
+      data: validated.data,
+    })
+
+    return NextResponse.json({ project })
+  } catch (error) {
+    console.error('Error updating project:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const user = await getSession()
+    if (!user) {
+      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
+    }
+
+    const existingProject = await getProjectWithTenantCheck(params.id, user)
+    if (!existingProject) {
+      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
+    }
+
+    // Only owner, tenant admin, or server admin can delete
+    if (user.role !== 'SERVER_ADMIN' && user.role !== 'TENANT_ADMIN' && existingProject.ownerId !== user.id) {
+      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
+    }
+
+    await (prisma as any).project.delete({
+      where: { id: params.id },
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Error deleting project:', error)
+    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
+  }
+}