Buchungssystem erste überarbeitungen

apps/hub/app/api/bookings/[id]/route.ts

@@ -0,0 +1,136 @@
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@repo/db";
+import { getServerSession } from "../../auth/[...nextauth]/auth";
+
+// DELETE /api/booking/[id] - Delete a booking
+export const DELETE = async (req: NextRequest, { params }: { params: { id: string } }) => {
+	try {
+		console.log(params);
+		const session = await getServerSession();
+		if (!session?.user) {
+			return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+		}
+
+		const bookingId = params.id;
+
+		// Find the booking
+		const booking = await prisma.booking.findUnique({
+			where: { id: bookingId },
+		});
+
+		if (!booking) {
+			return NextResponse.json({ error: "Booking not found" }, { status: 404 });
+		}
+
+		// Check if user owns the booking or has admin permissions
+		if (booking.userId !== session.user.id && !session.user.permissions.includes("ADMIN_KICK")) {
+			return NextResponse.json({ error: "Insufficient permissions" }, { status: 403 });
+		}
+
+		// Delete the booking
+		await prisma.booking.delete({
+			where: { id: bookingId },
+		});
+
+		return NextResponse.json({ success: true });
+	} catch (error) {
+		console.error("Error deleting booking:", error);
+		return NextResponse.json({ error: "Internal server error" }, { status: 500 });
+	}
+};
+
+// PUT /api/booking/[id] - Update a booking
+export const PUT = async (req: NextRequest, { params }: { params: { id: string } }) => {
+	try {
+		const session = await getServerSession();
+		if (!session?.user) {
+			return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+		}
+
+		const bookingId = params.id;
+		const body = await req.json();
+		const { type, stationId, startTime, endTime } = body;
+
+		// Find the booking
+		const existingBooking = await prisma.booking.findUnique({
+			where: { id: bookingId },
+		});
+
+		if (!existingBooking) {
+			return NextResponse.json({ error: "Booking not found" }, { status: 404 });
+		}
+
+		// Check if user owns the booking or has admin permissions
+		if (
+			existingBooking.userId !== session.user.id &&
+			!session.user.permissions.includes("ADMIN_KICK")
+		) {
+			return NextResponse.json({ error: "Insufficient permissions" }, { status: 403 });
+		}
+
+		// Validate permissions for LST bookings
+		const lstTypes = ["LST_01", "LST_02", "LST_03", "LST_04"];
+		if (lstTypes.includes(type)) {
+			if (!session.user.permissions.includes("DISPO")) {
+				return NextResponse.json(
+					{ error: "Insufficient permissions for LST booking" },
+					{ status: 403 },
+				);
+			}
+		}
+
+		// Check for conflicts (excluding current booking)
+		const conflictWhere = {
+			id: { not: bookingId },
+			type,
+			OR: [
+				{
+					startTime: {
+						lt: new Date(endTime),
+					},
+					endTime: {
+						gt: new Date(startTime),
+					},
+				},
+			],
+			...(type === "STATION" && stationId ? { stationId } : {}),
+		};
+
+		const conflictingBooking = await prisma.booking.findFirst({
+			where: conflictWhere,
+		});
+
+		if (conflictingBooking) {
+			const resourceName = type === "STATION" ? `Station` : type;
+			return NextResponse.json(
+				{ error: `Konflikt erkannt: ${resourceName} ist bereits für diesen Zeitraum gebucht.` },
+				{ status: 409 },
+			);
+		}
+
+		// Update the booking
+		const updatedBooking = await prisma.booking.update({
+			where: { id: bookingId },
+			data: {
+				type,
+				stationId: type === "STATION" ? stationId : null,
+				startTime: new Date(startTime),
+				endTime: new Date(endTime),
+			},
+			include: {
+				User: true,
+				Station: {
+					select: {
+						id: true,
+						bosCallsignShort: true,
+					},
+				},
+			},
+		});
+
+		return NextResponse.json({ booking: updatedBooking });
+	} catch (error) {
+		console.error("Error updating booking:", error);
+		return NextResponse.json({ error: "Internal server error" }, { status: 500 });
+	}
+};