From 3d3346de76e97201be86b52b52d60f494c33f73a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reinhard=20X=2E=20F=C3=BCrst?= <rexfue@gmail.com>
Date: Mon, 11 May 2026 20:55:52 +0200
Subject: [PATCH] =?UTF-8?q?v1.6.3:=20403-Fehler=20bei=20Eintr=C3=A4gen=20o?=
 =?UTF-8?q?hne=20created=5Fby=20(NULL)=20beheben?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 app/api/logbuch/[id]/route.ts | 6 ++++--
 package.json                  | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/api/logbuch/[id]/route.ts b/app/api/logbuch/[id]/route.ts
index 1f4fc18..3dcb75b 100644
--- a/app/api/logbuch/[id]/route.ts
+++ b/app/api/logbuch/[id]/route.ts
@@ -18,7 +18,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     }
 
     const isAdmin = session.role?.includes('admin');
-    const isCreator = existingRows[0].created_by === session.beoId;
+    const createdBy = existingRows[0].created_by;
+    const isCreator = createdBy === null || createdBy === session.beoId;
 
     if (!isAdmin && !isCreator) {
       return NextResponse.json({ error: 'Keine Berechtigung zum Ändern dieses Eintrags' }, { status: 403 });
@@ -90,7 +91,8 @@ export async function DELETE(_request: NextRequest, { params }: { params: Promis
     }
 
     const isAdmin = session.role?.includes('admin');
-    const isCreator = existingRows[0].created_by === session.beoId;
+    const createdBy = existingRows[0].created_by;
+    const isCreator = createdBy === null || createdBy === session.beoId;
 
     if (!isAdmin && !isCreator) {
       return NextResponse.json({ error: 'Keine Berechtigung zum Löschen dieses Eintrags' }, { status: 403 });
diff --git a/package.json b/package.json
index 2891e35..9414232 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "logbuch",
-  "version": "1.6.2",
+  "version": "1.6.3",
   "private": true,
   "scripts": {
     "dev": "next dev",