import { NextRequest, NextResponse } from 'next/server' import { getSession } from '@/lib/auth' import { prisma } from '@/lib/db' import { featureSchema } from '@/lib/validations' import { getProjectWithTenantCheck } from '@/lib/tenant' export async function GET( request: NextRequest, { params }: { params: { id: string } } ) { try { const user = await getSession() if (!user) { return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }) } const project = await getProjectWithTenantCheck(params.id, user) if (!project) { return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 }) } const features = await (prisma as any).feature.findMany({ where: { projectId: params.id }, orderBy: { createdAt: 'asc' }, }) return NextResponse.json({ features }) } catch (error) { console.error('Error fetching features:', error) return NextResponse.json({ error: 'Serverfehler' }, { status: 500 }) } } export async function POST( request: NextRequest, { params }: { params: { id: string } } ) { try { const user = await getSession() if (!user) { return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }) } if (user.role === 'VIEWER') { return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 }) } const project = await getProjectWithTenantCheck(params.id, user) if (!project) { return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 }) } if (project.isLocked && user.role !== 'SERVER_ADMIN') { return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 }) } const body = await request.json() const validated = featureSchema.safeParse(body) if (!validated.success) { return NextResponse.json( { error: 'Ungültige Eingabedaten', details: validated.error.flatten() }, { status: 400 } ) } const feature = await (prisma as any).feature.create({ data: { projectId: params.id, type: validated.data.type, geometry: validated.data.geometry, properties: validated.data.properties || {}, }, }) return NextResponse.json({ feature }, { status: 201 }) } catch (error) { console.error('Error creating feature:', error) return NextResponse.json({ error: 'Serverfehler' }, { status: 500 }) } } export async function PUT( request: NextRequest, { params }: { params: { id: string } } ) { try { const user = await getSession() if (!user) { return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }) } if (user.role === 'VIEWER') { return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 }) } const project = await getProjectWithTenantCheck(params.id, user) if (!project) { const exists = await (prisma as any).project.findUnique({ where: { id: params.id }, select: { id: true, tenantId: true, ownerId: true } }) if (!exists) { console.warn(`[Features PUT] Project ${params.id} not in DB`) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 }) } console.warn(`[Features PUT] Access denied: user=${user.id} tenant=${user.tenantId}, project owner=${exists.ownerId} tenant=${exists.tenantId}`) return NextResponse.json({ error: 'Keine Berechtigung für dieses Projekt' }, { status: 403 }) } if (project.isLocked && user.role !== 'SERVER_ADMIN') { return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 }) } const body = await request.json() const { features } = body as { features: Array<{ id?: string; type: string; geometry: object; properties?: object }> } await (prisma as any).feature.deleteMany({ where: { projectId: params.id }, }) if (features && features.length > 0) { await (prisma as any).feature.createMany({ data: features.map((f: any) => ({ projectId: params.id, type: f.type, geometry: f.geometry, properties: f.properties || {}, })), }) } const updatedFeatures = await (prisma as any).feature.findMany({ where: { projectId: params.id }, }) return NextResponse.json({ features: updatedFeatures }) } catch (error) { console.error('Error updating features:', error) return NextResponse.json({ error: 'Serverfehler' }, { status: 500 }) } }