Initial commit - ERP System

2026-05-20 18:58:23 +00:00
commit e174936997
2697 changed files with 1628427 additions and 0 deletions
@@ -0,0 +1,133 @@
+// /opt/erp-system/app/api/tickets/[id]/route.ts
+import { NextResponse } from 'next/server';
+import prisma from '../../../../lib/prisma';
+import { getServerSession } from "next-auth/next";
+import { authOptions } from "../../auth/[...nextauth]/route";
+import { sendEmail } from '../../../../lib/email';
+
+export async function GET(request: Request, context: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 });
+
+    const params = await context.params;
+    const ticketId = parseInt(params.id);
+    const userId = parseInt((session.user as any).id);
+    const userType = (session.user as any).userType;
+
+    const ticket = await prisma.ticket.findUnique({
+      where: { id: ticketId },
+      include: {
+        customer: true,
+        assignedTo: { select: { id: true, firstName: true, lastName: true } },
+        messages: { orderBy: { createdAt: 'asc' } },
+        timeEntries: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } },
+        notes: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } },
+      }
+    });
+
+    if (!ticket) return NextResponse.json({ error: 'Nicht gefunden' }, { status: 404 });
+
+    // Sicherheits-Prüfung: Kunden dürfen nur ihre eigenen Akten laden
+    if (userType === 'CUSTOMER' && ticket.customerId !== userId) {
+      return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 });
+    }
+
+    return NextResponse.json(ticket);
+  } catch (error) {
+    return NextResponse.json({ error: 'Ladefehler' }, { status: 500 });
+  }
+}
+
+export async function PUT(request: Request, context: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 });
+
+    const params = await context.params;
+    const ticketId = parseInt(params.id);
+    const body = await request.json();
+    const userId = parseInt((session.user as any).id);
+    const userType = (session.user as any).userType;
+
+    const ticket = await prisma.ticket.findUnique({
+      where: { id: ticketId },
+      include: { customer: true }
+    });
+
+    if (!ticket) return NextResponse.json({ error: 'Ticket nicht gefunden' }, { status: 404 });
+
+    // Sicherheits-Prüfung für Schreibzugriffe
+    if (userType === 'CUSTOMER' && ticket.customerId !== userId) {
+      return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 });
+    }
+
+    if (body.action === 'assign') {
+      if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
+      await prisma.ticket.update({
+        where: { id: ticketId },
+        data: { assignedToId: body.userId ? parseInt(body.userId) : null }
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    if (body.action === 'changePriority') {
+      if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
+      await prisma.ticket.update({
+        where: { id: ticketId },
+        data: { priority: body.priority }
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    if (body.action === 'addMessage') {
+      const isFromCustomer = userType === 'CUSTOMER';
+      await prisma.ticketMessage.create({ 
+        data: { content: body.content, ticketId, isFromCustomer } 
+      });
+      
+      // Nur E-Mail senden, wenn der Mitarbeiter antwortet
+      if (!isFromCustomer && ticket.customer.email) {
+        await sendEmail({
+          to: ticket.customer.email,
+          subject: `Update zu Ticket #${ticket.id}: ${ticket.title}`,
+          text: `Hallo ${ticket.customer.firstName},\n\nes gibt eine neue Nachricht zu deinem Ticket:\n\n${body.content}\n\nViele Grüße\nDein Support-Team`
+        });
+      }
+      return NextResponse.json({ success: true });
+    }
+
+    if (body.action === 'addTimeEntry') {
+      if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
+      await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description, ticketId, userId } });
+      return NextResponse.json({ success: true });
+    }
+
+    if (body.action === 'addNote') {
+      if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
+      await prisma.ticketNote.create({ data: { content: body.content, ticketId, userId } });
+      return NextResponse.json({ success: true });
+    }
+
+    if (body.action === 'closeTicket') {
+      if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 });
+      if (body.durationMins > 0) {
+        await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description || 'Abschluss', ticketId, userId } });
+      }
+      await prisma.ticket.update({ where: { id: ticketId }, data: { status: 'RESOLVED' } });
+
+      if (ticket.customer.email) {
+        await sendEmail({
+          to: ticket.customer.email,
+          subject: `Ticket #${ticket.id} gelöst: ${ticket.title}`,
+          text: `Hallo ${ticket.customer.firstName},\n\ndein Ticket wurde als gelöst markiert.\n\nLösung/Hinweis:\n${body.description || 'Das Problem wurde behoben.'}\n\nViele Grüße\nDein Support-Team`
+        });
+      }
+      return NextResponse.json({ success: true });
+    }
+
+    return NextResponse.json({ error: 'Ungültig' }, { status: 400 });
+  } catch (error) {
+    return NextResponse.json({ error: 'Fehler' }, { status: 500 });
+  }
+}