// /opt/erp-system/app/api/tickets/[id]/route.ts import { NextResponse } from 'next/server'; import prisma from '../../../../lib/prisma'; import { getServerSession } from "next-auth/next"; import { authOptions } from "../../auth/[...nextauth]/route"; import { sendEmail } from '../../../../lib/email'; export async function GET(request: Request, context: { params: Promise<{ id: string }> }) { try { const session = await getServerSession(authOptions); if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }); const params = await context.params; const ticketId = parseInt(params.id); const userId = parseInt((session.user as any).id); const userType = (session.user as any).userType; const ticket = await prisma.ticket.findUnique({ where: { id: ticketId }, include: { customer: true, assignedTo: { select: { id: true, firstName: true, lastName: true } }, messages: { orderBy: { createdAt: 'asc' } }, timeEntries: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } }, notes: { orderBy: { createdAt: 'desc' }, include: { user: { select: { firstName: true, lastName: true } } } }, } }); if (!ticket) return NextResponse.json({ error: 'Nicht gefunden' }, { status: 404 }); // Sicherheits-Prüfung: Kunden dürfen nur ihre eigenen Akten laden if (userType === 'CUSTOMER' && ticket.customerId !== userId) { return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 }); } return NextResponse.json(ticket); } catch (error) { return NextResponse.json({ error: 'Ladefehler' }, { status: 500 }); } } export async function PUT(request: Request, context: { params: Promise<{ id: string }> }) { try { const session = await getServerSession(authOptions); if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }); const params = await context.params; const ticketId = parseInt(params.id); const body = await request.json(); const userId = parseInt((session.user as any).id); const userType = (session.user as any).userType; const ticket = await prisma.ticket.findUnique({ where: { id: ticketId }, include: { customer: true } }); if (!ticket) return NextResponse.json({ error: 'Ticket nicht gefunden' }, { status: 404 }); // Sicherheits-Prüfung für Schreibzugriffe if (userType === 'CUSTOMER' && ticket.customerId !== userId) { return NextResponse.json({ error: 'Zugriff verweigert' }, { status: 403 }); } if (body.action === 'assign') { if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 }); await prisma.ticket.update({ where: { id: ticketId }, data: { assignedToId: body.userId ? parseInt(body.userId) : null } }); return NextResponse.json({ success: true }); } if (body.action === 'changePriority') { if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 }); await prisma.ticket.update({ where: { id: ticketId }, data: { priority: body.priority } }); return NextResponse.json({ success: true }); } if (body.action === 'addMessage') { const isFromCustomer = userType === 'CUSTOMER'; await prisma.ticketMessage.create({ data: { content: body.content, ticketId, isFromCustomer } }); // Nur E-Mail senden, wenn der Mitarbeiter antwortet if (!isFromCustomer && ticket.customer.email) { await sendEmail({ to: ticket.customer.email, subject: `Update zu Ticket #${ticket.id}: ${ticket.title}`, text: `Hallo ${ticket.customer.firstName},\n\nes gibt eine neue Nachricht zu deinem Ticket:\n\n${body.content}\n\nViele Grüße\nDein Support-Team` }); } return NextResponse.json({ success: true }); } if (body.action === 'addTimeEntry') { if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 }); await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description, ticketId, userId } }); return NextResponse.json({ success: true }); } if (body.action === 'addNote') { if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 }); await prisma.ticketNote.create({ data: { content: body.content, ticketId, userId } }); return NextResponse.json({ success: true }); } if (body.action === 'closeTicket') { if (userType === 'CUSTOMER') return NextResponse.json({ error: 'Aktion unzulässig' }, { status: 403 }); if (body.durationMins > 0) { await prisma.timeEntry.create({ data: { durationMins: parseInt(body.durationMins), description: body.description || 'Abschluss', ticketId, userId } }); } await prisma.ticket.update({ where: { id: ticketId }, data: { status: 'RESOLVED' } }); if (ticket.customer.email) { await sendEmail({ to: ticket.customer.email, subject: `Ticket #${ticket.id} gelöst: ${ticket.title}`, text: `Hallo ${ticket.customer.firstName},\n\ndein Ticket wurde als gelöst markiert.\n\nLösung/Hinweis:\n${body.description || 'Das Problem wurde behoben.'}\n\nViele Grüße\nDein Support-Team` }); } return NextResponse.json({ success: true }); } return NextResponse.json({ error: 'Ungültig' }, { status: 400 }); } catch (error) { return NextResponse.json({ error: 'Fehler' }, { status: 500 }); } }