first commit

app/api/views/[id]/items/route.ts

@@ -0,0 +1,60 @@
+import { NextResponse } from "next/server";
+import { prisma } from "../../../../../lib/prisma";
+import { requireSession } from "../../../../../lib/auth-helpers";
+
+async function ensureOwner(viewId: string, email: string) {
+  const view = await prisma.userView.findFirst({
+    where: { id: viewId, user: { email } }
+  });
+  return view;
+}
+
+export async function POST(request: Request, context: { params: { id: string } }) {
+  const { session } = await requireSession();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const email = session.user?.email || "";
+  const view = await ensureOwner(context.params.id, email);
+  if (!view) {
+    return NextResponse.json({ error: "Not found" }, { status: 404 });
+  }
+
+  const body = await request.json();
+  const { eventId } = body || {};
+  if (!eventId) {
+    return NextResponse.json({ error: "Event erforderlich." }, { status: 400 });
+  }
+
+  await prisma.userViewItem.create({
+    data: { viewId: view.id, eventId }
+  });
+
+  return NextResponse.json({ ok: true }, { status: 201 });
+}
+
+export async function DELETE(request: Request, context: { params: { id: string } }) {
+  const { session } = await requireSession();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const email = session.user?.email || "";
+  const view = await ensureOwner(context.params.id, email);
+  if (!view) {
+    return NextResponse.json({ error: "Not found" }, { status: 404 });
+  }
+
+  const body = await request.json();
+  const { eventId } = body || {};
+  if (!eventId) {
+    return NextResponse.json({ error: "Event erforderlich." }, { status: 400 });
+  }
+
+  await prisma.userViewItem.deleteMany({
+    where: { viewId: view.id, eventId }
+  });
+
+  return NextResponse.json({ ok: true });
+}