140 lines
4.4 KiB
TypeScript
140 lines
4.4 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { getSession } from '@/lib/auth'
|
|
import { prisma } from '@/lib/db'
|
|
import { featureSchema } from '@/lib/validations'
|
|
import { getProjectWithTenantCheck } from '@/lib/tenant'
|
|
|
|
export async function GET(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
const project = await getProjectWithTenantCheck(params.id, user)
|
|
if (!project) {
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
|
|
const features = await (prisma as any).feature.findMany({
|
|
where: { projectId: params.id },
|
|
orderBy: { createdAt: 'asc' },
|
|
})
|
|
|
|
return NextResponse.json({ features })
|
|
} catch (error) {
|
|
console.error('Error fetching features:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
export async function POST(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
if (user.role === 'VIEWER') {
|
|
return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
|
|
}
|
|
|
|
const project = await getProjectWithTenantCheck(params.id, user)
|
|
if (!project) {
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
|
|
if (project.isLocked && user.role !== 'SERVER_ADMIN') {
|
|
return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const validated = featureSchema.safeParse(body)
|
|
|
|
if (!validated.success) {
|
|
return NextResponse.json(
|
|
{ error: 'Ungültige Eingabedaten', details: validated.error.flatten() },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const feature = await (prisma as any).feature.create({
|
|
data: {
|
|
projectId: params.id,
|
|
type: validated.data.type,
|
|
geometry: validated.data.geometry,
|
|
properties: validated.data.properties || {},
|
|
},
|
|
})
|
|
|
|
return NextResponse.json({ feature }, { status: 201 })
|
|
} catch (error) {
|
|
console.error('Error creating feature:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
export async function PUT(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const user = await getSession()
|
|
if (!user) {
|
|
return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
|
|
}
|
|
|
|
if (user.role === 'VIEWER') {
|
|
return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
|
|
}
|
|
|
|
const project = await getProjectWithTenantCheck(params.id, user)
|
|
if (!project) {
|
|
const exists = await (prisma as any).project.findUnique({ where: { id: params.id }, select: { id: true, tenantId: true, ownerId: true } })
|
|
if (!exists) {
|
|
console.warn(`[Features PUT] Project ${params.id} not in DB`)
|
|
return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
|
|
}
|
|
console.warn(`[Features PUT] Access denied: user=${user.id} tenant=${user.tenantId}, project owner=${exists.ownerId} tenant=${exists.tenantId}`)
|
|
return NextResponse.json({ error: 'Keine Berechtigung für dieses Projekt' }, { status: 403 })
|
|
}
|
|
|
|
if (project.isLocked && user.role !== 'SERVER_ADMIN') {
|
|
return NextResponse.json({ error: 'Projekt ist gesperrt' }, { status: 403 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const { features } = body as { features: Array<{ id?: string; type: string; geometry: object; properties?: object }> }
|
|
|
|
await (prisma as any).feature.deleteMany({
|
|
where: { projectId: params.id },
|
|
})
|
|
|
|
if (features && features.length > 0) {
|
|
await (prisma as any).feature.createMany({
|
|
data: features.map((f: any) => ({
|
|
projectId: params.id,
|
|
type: f.type,
|
|
geometry: f.geometry,
|
|
properties: f.properties || {},
|
|
})),
|
|
})
|
|
}
|
|
|
|
const updatedFeatures = await (prisma as any).feature.findMany({
|
|
where: { projectId: params.id },
|
|
})
|
|
|
|
return NextResponse.json({ features: updatedFeatures })
|
|
} catch (error) {
|
|
console.error('Error updating features:', error)
|
|
return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
|
|
}
|
|
}
|