Initial commit - ERP System
This commit is contained in:
root
@@ -0,0 +1,94 @@
|
||||
// /opt/erp-system/app/api/tickets/[id]/attachments/route.ts
|
||||
import { NextResponse } from 'next/server';
|
||||
import prisma from '../../../../../lib/prisma';
|
||||
import { getServerSession } from "next-auth/next";
|
||||
import { authOptions } from "../../../auth/[...nextauth]/route";
|
||||
import { writeFile, readFile } from 'fs/promises';
|
||||
import { join } from 'path';
|
||||
|
||||
const UPLOAD_DIR = join(process.cwd(), 'uploads');
|
||||
|
||||
// POST: Datei hochladen
|
||||
export async function POST(request: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 });
|
||||
|
||||
try {
|
||||
const params = await context.params;
|
||||
const ticketId = parseInt(params.id);
|
||||
const formData = await request.formData();
|
||||
|
||||
const file = formData.get('file') as File;
|
||||
if (!file) return NextResponse.json({ error: 'Keine Datei gefunden' }, { status: 400 });
|
||||
|
||||
const bytes = await file.arrayBuffer();
|
||||
const buffer = Buffer.from(bytes);
|
||||
|
||||
// Dateinamen bereinigen und eindeutig machen
|
||||
const safeOriginalName = file.name.replace(/[^a-zA-Z0-9.-]/g, '_');
|
||||
const savedName = `${Date.now()}-${safeOriginalName}`;
|
||||
const filepath = join(UPLOAD_DIR, savedName);
|
||||
|
||||
await writeFile(filepath, buffer);
|
||||
|
||||
const attachment = await prisma.attachment.create({
|
||||
data: {
|
||||
fileName: file.name,
|
||||
savedName: savedName,
|
||||
fileSize: file.size,
|
||||
fileType: file.type,
|
||||
ticketId: ticketId
|
||||
}
|
||||
});
|
||||
|
||||
return NextResponse.json(attachment, { status: 201 });
|
||||
} catch (error) {
|
||||
console.error("Upload Fehler:", error);
|
||||
return NextResponse.json({ error: 'Fehler beim Upload' }, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
// GET: Datei-Liste abrufen oder einzelne Datei herunterladen
|
||||
export async function GET(request: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session) return new NextResponse('Nicht autorisiert', { status: 401 });
|
||||
|
||||
const { searchParams } = new URL(request.url);
|
||||
const downloadId = searchParams.get('download');
|
||||
|
||||
try {
|
||||
const params = await context.params;
|
||||
const ticketId = parseInt(params.id);
|
||||
|
||||
// Modus 1: Einzelne Datei herunterladen
|
||||
if (downloadId) {
|
||||
const attachment = await prisma.attachment.findUnique({
|
||||
where: { id: parseInt(downloadId) }
|
||||
});
|
||||
|
||||
if (!attachment || attachment.ticketId !== ticketId) {
|
||||
return new NextResponse('Datei nicht gefunden', { status: 404 });
|
||||
}
|
||||
|
||||
const filepath = join(UPLOAD_DIR, attachment.savedName);
|
||||
const fileBuffer = await readFile(filepath);
|
||||
|
||||
return new NextResponse(fileBuffer, {
|
||||
headers: {
|
||||
'Content-Type': attachment.fileType,
|
||||
'Content-Disposition': `attachment; filename="${attachment.fileName}"`
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Modus 2: Liste aller Anhänge des Tickets zurückgeben
|
||||
const attachments = await prisma.attachment.findMany({
|
||||
where: { ticketId: ticketId },
|
||||
orderBy: { createdAt: 'desc' }
|
||||
});
|
||||
return NextResponse.json(attachments);
|
||||
|
||||
} catch (error) {
|
||||
return new NextResponse('Fehler beim Abrufen der Datei', { status: 500 });
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,133 @@
|
||||
// /opt/erp-system/app/api/tickets/[id]/route.ts
|
||||
import { NextResponse } from 'next/server';
|
||||
import prisma from '../../../../lib/prisma';
|
||||
import { getServerSession } from "next-auth/next";
|
||||
import { authOptions } from "../../auth/[...nextauth]/route";
|
||||
import { sendEmail } from '../../../../lib/email';
|
||||
|
||||
export async function GET(request: Request, context: { params: Promise<{ id: string }> }) {
|
||||
try {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 });
|
||||
|
||||
const params = await context.params;
|
||||
const ticketId = parseInt(params.id);
|
||||
const userId = parseInt((session.user as any).id);
|
||||
const userType = (session.user as any).userType;
|
||||
|
||||
const ticket = await prisma.ticket.findUnique({
|
||||
where: { id: ticketId },
|
||||
include: {
|
||||
customer: true,
|
||||
assignedTo: { select: { id: true, firstName: true, lastName: true } },
|
||||
messages: { orderBy: { createdAt: 'asc' } },
|
||||
timeEntries: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } },
|
||||
notes: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } },
|
||||
}
|
||||
});
|
||||
|
||||
if (!ticket) return NextResponse.json({ error: 'Nicht gefunden' }, { status: 404 });
|
||||
|
||||
// Sicherheits-Prüfung: Kunden dürfen nur ihre eigenen Akten laden
|
||||
if (userType === 'CUSTOMER' && ticket.customerId !== userId) {
|
||||
return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 });
|
||||
}
|
||||
|
||||
return NextResponse.json(ticket);
|
||||
} catch (error) {
|
||||
return NextResponse.json({ error: 'Ladefehler' }, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
export async function PUT(request: Request, context: { params: Promise<{ id: string }> }) {
|
||||
try {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 });
|
||||
|
||||
const params = await context.params;
|
||||
const ticketId = parseInt(params.id);
|
||||
const body = await request.json();
|
||||
const userId = parseInt((session.user as any).id);
|
||||
const userType = (session.user as any).userType;
|
||||
|
||||
const ticket = await prisma.ticket.findUnique({
|
||||
where: { id: ticketId },
|
||||
include: { customer: true }
|
||||
});
|
||||
|
||||
if (!ticket) return NextResponse.json({ error: 'Ticket nicht gefunden' }, { status: 404 });
|
||||
|
||||
// Sicherheits-Prüfung für Schreibzugriffe
|
||||
if (userType === 'CUSTOMER' && ticket.customerId !== userId) {
|
||||
return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 });
|
||||
}
|
||||
|
||||
if (body.action === 'assign') {
|
||||
if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
|
||||
await prisma.ticket.update({
|
||||
where: { id: ticketId },
|
||||
data: { assignedToId: body.userId ? parseInt(body.userId) : null }
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
if (body.action === 'changePriority') {
|
||||
if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
|
||||
await prisma.ticket.update({
|
||||
where: { id: ticketId },
|
||||
data: { priority: body.priority }
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
if (body.action === 'addMessage') {
|
||||
const isFromCustomer = userType === 'CUSTOMER';
|
||||
await prisma.ticketMessage.create({
|
||||
data: { content: body.content, ticketId, isFromCustomer }
|
||||
});
|
||||
|
||||
// Nur E-Mail senden, wenn der Mitarbeiter antwortet
|
||||
if (!isFromCustomer && ticket.customer.email) {
|
||||
await sendEmail({
|
||||
to: ticket.customer.email,
|
||||
subject: `Update zu Ticket #${ticket.id}: ${ticket.title}`,
|
||||
text: `Hallo ${ticket.customer.firstName},\n\nes gibt eine neue Nachricht zu deinem Ticket:\n\n${body.content}\n\nViele Grüße\nDein Support-Team`
|
||||
});
|
||||
}
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
if (body.action === 'addTimeEntry') {
|
||||
if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
|
||||
await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description, ticketId, userId } });
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
if (body.action === 'addNote') {
|
||||
if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
|
||||
await prisma.ticketNote.create({ data: { content: body.content, ticketId, userId } });
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
if (body.action === 'closeTicket') {
|
||||
if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
|
||||
if (body.durationMins > 0) {
|
||||
await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description || 'Abschluss', ticketId, userId } });
|
||||
}
|
||||
await prisma.ticket.update({ where: { id: ticketId }, data: { status: 'RESOLVED' } });
|
||||
|
||||
if (ticket.customer.email) {
|
||||
await sendEmail({
|
||||
to: ticket.customer.email,
|
||||
subject: `Ticket #${ticket.id} gelöst: ${ticket.title}`,
|
||||
text: `Hallo ${ticket.customer.firstName},\n\ndein Ticket wurde als gelöst markiert.\n\nLösung/Hinweis:\n${body.description || 'Das Problem wurde behoben.'}\n\nViele Grüße\nDein Support-Team`
|
||||
});
|
||||
}
|
||||
return NextResponse.json({ success: true });
|
||||
}
|
||||
|
||||
return NextResponse.json({ error: 'Ungültig' }, { status: 400 });
|
||||
} catch (error) {
|
||||
return NextResponse.json({ error: 'Fehler' }, { status: 500 });
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user