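import { NextRequest, NextResponse } from 'next/server';
import { query, getPool } from '@/lib/db';
import { getSession } from '@/lib/session';
import { triggerBackup } from '@/lib/backup';
import type { SelectedObjekt } from '@/types/logbuch';

type Session = NonNullable<Awaited<ReturnType<typeof getSession>>>;

/**
 * Parses the `[id]` route segment as a non-negative decimal integer.
 *
 * @returns the numeric ID, or `null` when the segment is not purely digits
 *   (so `NaN` or a partially parsed value such as `12abc` never reaches SQL).
 */
function parseLogbuchId(raw: string): number | null {
  if (!/^\d+$/.test(raw)) return null;
  const value = Number.parseInt(raw, 10);
  return Number.isSafeInteger(value) ? value : null;
}

/** True for a number or string that is written as a plain non-negative integer. */
function isIdLike(value: unknown): value is number | string {
  return (typeof value === 'number' || typeof value === 'string') && /^\d+$/.test(String(value));
}

/**
 * Normalizes the `beoIds` field of the request body.
 *
 * @returns `[]` for a missing/falsy value, the list when every element is
 *   id-like, or `null` when the value is malformed.
 */
function toIdList(value: unknown): Array<number | string> | null {
  if (!value) return [];
  if (!Array.isArray(value) || !value.every(isIdLike)) return null;
  return value;
}

/**
 * Normalizes the `objekte` field of the request body.
 *
 * Each element must carry either an id-like `ID` or a non-empty `Name`,
 * because the write loop uses `ID` when it is truthy and otherwise looks the
 * object up (or creates it) by `Name`.
 *
 * @returns `[]` for a missing/falsy value, the list when valid, else `null`.
 */
function toObjektList(value: unknown): SelectedObjekt[] | null {
  if (!value) return [];
  if (!Array.isArray(value)) return null;
  for (const item of value) {
    if (typeof item !== 'object' || item === null) return null;
    const { ID, Name } = item as { ID?: unknown; Name?: unknown };
    const hasName = typeof Name === 'string' && Name.trim() !== '';
    if (ID ? !isIdLike(ID) : !hasName) return null;
  }
  return value as SelectedObjekt[];
}

/**
 * Shared existence and authorization check for PUT and DELETE.
 *
 * @returns a 404 response when the entry does not exist, a 403 response with
 *   `forbiddenMessage` when the caller is neither admin nor listed in
 *   `logbuch_beos` for this entry, or `null` when the caller may proceed.
 */
async function rejectUnlessAllowed(
  logbuchId: number,
  session: Session,
  forbiddenMessage: string
): Promise<NextResponse | null> {
  const existingRows = (await query('SELECT ID FROM logbuch WHERE ID = ?', [logbuchId])) as { ID: number }[];
  if (existingRows.length === 0) {
    return NextResponse.json({ error: 'Eintrag nicht gefunden' }, { status: 404 });
  }

  // NOTE(review): `includes` is a substring test if `role` is a string and a
  // membership test if it is an array; the session type is not visible here.
  // Confirm that no lesser role can contain the text "admin".
  if (session.role?.includes('admin')) return null;

  const beoRows = (await query(
    'SELECT COUNT(*) AS cnt FROM logbuch_beos WHERE LogbuchID = ? AND BeoID = ?',
    [logbuchId, session.beoId]
  )) as { cnt: number }[];
  if ((beoRows[0]?.cnt ?? 0) > 0) return null;

  return NextResponse.json({ error: forbiddenMessage }, { status: 403 });
}

/**
 * PUT /api/logbuch/[id] — replaces a logbook entry and its beo/object links.
 *
 * Responds 401 without a session, 400 for a malformed ID or body, 404 when
 * the entry does not exist, 403 when the caller is neither admin nor an
 * assigned beo, 500 on any other failure, and `{ ok: true }` on success.
 */
export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });

  const { id } = await params;
  const logbuchId = parseLogbuchId(id);
  if (logbuchId === null) {
    return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });
  }

  try {
    const denied = await rejectUnlessAllowed(logbuchId, session, 'Keine Berechtigung zum Ändern dieses Eintrags');
    if (denied) return denied;

    // The body is only read after authorization; malformed JSON is a client
    // error, not a database error.
    const body = await request.json().catch(() => undefined);
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json({ error: 'Ungültige Eingabedaten' }, { status: 400 });
    }
    const { Kuppel, ArtFuehrung, SonderName, Beginn, Ende, Besucher, beoIds, objekte, Bemerkungen, Wetter } = body;

    // Validate both lists BEFORE any write: the link tables are emptied and
    // refilled below, so a bad element discovered mid-loop would leave the
    // entry without its beo/object links.
    const beoIdList = toIdList(beoIds);
    const objektList = toObjektList(objekte);
    if (beoIdList === null || objektList === null) {
      return NextResponse.json({ error: 'Ungültige Eingabedaten' }, { status: 400 });
    }

    // NOTE(review): `beoIdList` comes from the request body as-is, so any
    // assigned beo can change who is assigned to this entry, and with that
    // who passes the authorization check above. Confirm this is intended.

    // NOTE(review): the statements below are not wrapped in a transaction; a
    // failure after the DELETEs leaves the entry without links, including the
    // logbuch_beos rows that authorize non-admin edits. Consider running them
    // on one connection inside a transaction.
    await getPool().execute(
      'UPDATE logbuch SET Kuppel=?, ArtFuehrung=?, SonderName=?, Beginn=?, Ende=?, Besucher=?,' +
        ' Bemerkungen=?, WetterTemp=?, WetterFeuchte=?, WetterDruck=? WHERE ID=?',
      [
        Kuppel,
        ArtFuehrung,
        SonderName || null,
        Beginn,
        Ende,
        Besucher ?? 0,
        // Only strings are truncated; any other type is stored as NULL
        // instead of throwing on a missing `.slice`.
        typeof Bemerkungen === 'string' ? Bemerkungen.slice(0, 500) || null : null,
        Wetter?.temp ?? null,
        Wetter?.feuchte ?? null,
        Wetter?.druck ?? null,
        logbuchId,
      ]
    );

    await query('DELETE FROM logbuch_beos WHERE LogbuchID = ?', [logbuchId]);
    await query('DELETE FROM logbuch_objekte WHERE LogbuchID = ?', [logbuchId]);

    for (const beoId of beoIdList) {
      await query('INSERT INTO logbuch_beos (LogbuchID, BeoID) VALUES (?, ?)', [logbuchId, beoId]);
    }

    for (const obj of objektList) {
      let objektId = obj.ID;
      if (!objektId) {
        // No ID supplied: reuse an object with the same name
        // (case-insensitive) or create it.
        const existing = (await query('SELECT ID, Name FROM objekte WHERE LOWER(Name) = LOWER(?)', [obj.Name])) as {
          ID: number;
          Name: string;
        }[];
        if (existing[0]) {
          objektId = existing[0].ID;
        } else {
          const [ins] = (await getPool().execute('INSERT INTO objekte (Name) VALUES (?)', [obj.Name])) as [
            { insertId: number },
            unknown,
          ];
          objektId = ins.insertId;
        }
      }
      await query('UPDATE objekte SET LastUsed = NOW() WHERE ID = ?', [objektId]);
      await query('INSERT INTO logbuch_objekte (LogbuchID, ObjektID) VALUES (?, ?)', [logbuchId, objektId]);
    }

    triggerBackup();
    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error('PUT /api/logbuch/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}

/**
 * DELETE /api/logbuch/[id] — removes a logbook entry.
 *
 * Responds 401 without a session, 400 for a malformed ID, 404 when the entry
 * does not exist, 403 when the caller is neither admin nor an assigned beo,
 * 500 on any other failure, and `{ ok: true }` on success.
 */
export async function DELETE(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });

  const { id } = await params;
  const logbuchId = parseLogbuchId(id);
  if (logbuchId === null) {
    return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });
  }

  try {
    const denied = await rejectUnlessAllowed(logbuchId, session, 'Keine Berechtigung zum Löschen dieses Eintrags');
    if (denied) return denied;

    // NOTE(review): only the logbuch row is deleted here; rows in
    // logbuch_beos / logbuch_objekte are presumably removed by a foreign-key
    // cascade — confirm. Unlike PUT, no backup is triggered after the change;
    // confirm that is intended.
    await query('DELETE FROM logbuch WHERE ID = ?', [logbuchId]);
    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error('DELETE /api/logbuch/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}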