114 lines
3.3 KiB
TypeScript
114 lines
3.3 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { getSession } from '@/lib/auth'
|
|
import { prisma } from '@/lib/db'
|
|
import { projectSchema } from '@/lib/validations'
|
|
import { getProjectWithTenantCheck } from '@/lib/tenant'
|
|
|
|
export async function GET(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const { id } = await params
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
const projectBase = await getProjectWithTenantCheck(id, user)
|
|
if (!projectBase) {
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
|
|
// Re-fetch with includes
|
|
const project = await (prisma as any).project.findUnique({
|
|
where: { id },
|
|
include: {
|
|
owner: {
|
|
select: { id: true, name: true, email: true },
|
|
},
|
|
features: true,
|
|
},
|
|
})
|
|
|
|
return NextResponse.json({ project })
|
|
} catch (error) {
|
|
console.error('Error fetching project:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
export async function PATCH(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const { id } = await params
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
if (user.role === 'VIEWER') {
|
|
return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
|
|
}
|
|
|
|
const existingProject = await getProjectWithTenantCheck(id, user)
|
|
if (!existingProject) {
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const validated = projectSchema.partial().safeParse(body)
|
|
|
|
if (!validated.success) {
|
|
return NextResponse.json(
|
|
{ error: 'Ungültige Eingabedaten', details: validated.error.flatten() },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const project = await (prisma as any).project.update({
|
|
where: { id },
|
|
data: validated.data,
|
|
})
|
|
|
|
return NextResponse.json({ project })
|
|
} catch (error) {
|
|
console.error('Error updating project:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
export async function DELETE(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const { id } = await params
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
const existingProject = await getProjectWithTenantCheck(id, user)
|
|
if (!existingProject) {
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
|
|
// Only owner, tenant admin, or server admin can delete
|
|
if (user.role !== 'SERVER_ADMIN' && user.role !== 'TENANT_ADMIN' && existingProject.ownerId !== user.id) {
|
|
return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
|
|
}
|
|
|
|
await (prisma as any).project.delete({
|
|
where: { id },
|
|
})
|
|
|
|
return NextResponse.json({ success: true })
|
|
} catch (error) {
|
|
console.error('Error deleting project:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|