nils/erp-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1de3ae8af581c21f08e7bdab216a3f52d19a8cf2
erp-system/app/api/roles/route.ts
T
root e174936997 Initial commit - ERP System
2026-05-20 18:58:23 +00:00

83 lines
3.0 KiB
TypeScript
Raw Blame History

// /opt/erp-system/app/api/roles/route.ts
import { NextResponse } from 'next/server';
import prisma from '../../../lib/prisma';
import { getServerSession } from "next-auth/next";
import { authOptions } from "../auth/[...nextauth]/route";
async function checkAccess() {
const session = await getServerSession(authOptions);
const perms = (session?.user as any)?.permissions || [];
return perms.includes('TEAM_MANAGE');
}
export async function GET() {
if (!await checkAccess()) return NextResponse.json({ error: 'Access denied' }, { status: 403 });
try {
const roles = await prisma.role.findMany({
include: { _count: { select: { users: true } } },
orderBy: { id: 'asc' }
});
return NextResponse.json(roles);
} catch (error) {
return NextResponse.json({ error: 'Fehler beim Laden' }, { status: 500 });
}
}
export async function POST(request: Request) {
if (!await checkAccess()) return NextResponse.json({ error: 'Access denied' }, { status: 403 });
try {
const body = await request.json();
const newRole = await prisma.role.create({
data: { name: body.name, permissions: body.permissions }
});
return NextResponse.json(newRole, { status: 201 });
} catch (error: any) {
if (error.code === 'P2002') return NextResponse.json({ error: 'Rollenname existiert bereits.' }, { status: 400 });
return NextResponse.json({ error: 'Fehler beim Speichern' }, { status: 500 });
}
}
export async function PUT(request: Request) {
if (!await checkAccess()) return NextResponse.json({ error: 'Access denied' }, { status: 403 });
try {
const body = await request.json();
const updatedRole = await prisma.role.update({
where: { id: body.id },
data: { name: body.name, permissions: body.permissions }
});
return NextResponse.json(updatedRole, { status: 200 });
} catch (error) {
return NextResponse.json({ error: 'Fehler beim Speichern' }, { status: 500 });
}
}
export async function DELETE(request: Request) {
const session = await getServerSession(authOptions);
const perms = (session?.user as any)?.permissions || [];
if (!perms.includes('DATA_DELETE')) return NextResponse.json({ error: 'Keine Löschberechtigung' }, { status: 403 });
try {
const { searchParams } = new URL(request.url);
const id = searchParams.get('id');
if (!id) return NextResponse.json({ error: 'ID fehlt' }, { status: 400 });
const roleId = parseInt(id);
// Check if users are still assigned
const usersWithRole = await prisma.user.count({ where: { roleId } });
if (usersWithRole > 0) {
return NextResponse.json({ error: `Diese Gruppe ist noch ${usersWithRole} Nutzer(n) zugeordnet. Bitte weise sie zuerst einer anderen Gruppe zu.` }, { status: 400 });
}
await prisma.role.delete({ where: { id: roleId } });
return NextResponse.json({ success: true });
} catch (error) {
console.error(error);
return NextResponse.json({ error: 'Löschen fehlgeschlagen' }, { status: 500 });
}
}
Reference in New Issue View Git Blame Copy Permalink