Aktueller Stand

2026-01-16 23:02:36 +01:00
parent dcf45bac3d
commit b2b23268b2
14 changed files with 768 additions and 226 deletions
--- a/app/api/categories/route.ts
+++ b/app/api/categories/route.ts
@@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import { prisma } from "../../../lib/prisma";
 import { isAdminSession, requireSession } from "../../../lib/auth-helpers";
+import { getAccessSettings } from "../../../lib/system-settings";

 export async function GET() {
  const { session } = await requireSession();
@@ -26,7 +27,7 @@ export async function POST(request: Request) {
  }

  const body = await request.json();
-  const { name } = body || {};
+  const { name, isPublic } = body || {};

  if (!name) {
    return NextResponse.json({ error: "Name erforderlich." }, { status: 400 });
@@ -37,8 +38,9 @@ export async function POST(request: Request) {
    return NextResponse.json({ error: "Kategorie existiert bereits." }, { status: 409 });
  }

+  const { publicAccessEnabled } = await getAccessSettings();
  const category = await prisma.category.create({
-    data: { name }
+    data: { name, isPublic: publicAccessEnabled && isPublic === true }
  });

  const views = await prisma.userView.findMany({
@@ -68,25 +70,42 @@ export async function PATCH(request: Request) {
  }

  const body = await request.json();
-  const { id, name } = body || {};
+  const { id, name, isPublic } = body || {};

-  if (!id || !name) {
-    return NextResponse.json({ error: "ID und Name erforderlich." }, { status: 400 });
+  if (!id) {
+    return NextResponse.json({ error: "ID erforderlich." }, { status: 400 });
  }

-  const trimmed = String(name).trim();
-  if (!trimmed) {
-    return NextResponse.json({ error: "Name erforderlich." }, { status: 400 });
+  const data: { name?: string; isPublic?: boolean } = {};
+
+  if (name !== undefined) {
+    const trimmed = String(name).trim();
+    if (!trimmed) {
+      return NextResponse.json({ error: "Name erforderlich." }, { status: 400 });
+    }
+
+    const existing = await prisma.category.findUnique({ where: { name: trimmed } });
+    if (existing && existing.id !== id) {
+      return NextResponse.json({ error: "Kategorie existiert bereits." }, { status: 409 });
+    }
+    data.name = trimmed;
  }

-  const existing = await prisma.category.findUnique({ where: { name: trimmed } });
-  if (existing && existing.id !== id) {
-    return NextResponse.json({ error: "Kategorie existiert bereits." }, { status: 409 });
+  const { publicAccessEnabled } = await getAccessSettings();
+  if (publicAccessEnabled && typeof isPublic === "boolean") {
+    data.isPublic = isPublic;
+  }
+
+  if (Object.keys(data).length === 0) {
+    return NextResponse.json(
+      { error: "Keine Änderungen angegeben." },
+      { status: 400 }
+    );
  }

  const category = await prisma.category.update({
    where: { id },
-    data: { name: trimmed }
+    data
  });

  return NextResponse.json(category);
--- a/app/api/events/[id]/route.ts
+++ b/app/api/events/[id]/route.ts
@@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import { prisma } from "../../../../lib/prisma";
 import { isAdminSession, requireSession } from "../../../../lib/auth-helpers";
+import { getAccessSettings } from "../../../../lib/system-settings";

 export async function PATCH(request: Request, context: { params: { id: string } }) {
  const { session } = await requireSession();
@@ -23,7 +24,8 @@ export async function PATCH(request: Request, context: { params: { id: string }
    locationLng,
    startAt,
    endAt,
-    categoryId
+    categoryId,
+    publicOverride
  } = body || {};

  if (status && ["APPROVED", "REJECTED"].includes(status)) {
@@ -44,6 +46,13 @@ export async function PATCH(request: Request, context: { params: { id: string }

  const startDate = new Date(startAt);
  const endDate = endAt ? new Date(endAt) : null;
+  const { publicAccessEnabled } = await getAccessSettings();
+  const overrideValue =
+    publicAccessEnabled && publicOverride !== undefined
+      ? publicOverride === null || publicOverride === true || publicOverride === false
+        ? publicOverride
+        : null
+      : undefined;

  const event = await prisma.event.update({
    where: { id: context.params.id },
@@ -56,7 +65,8 @@ export async function PATCH(request: Request, context: { params: { id: string }
      locationLng: locationLng ? Number(locationLng) : null,
      startAt: startDate,
      endAt: endDate,
-      category: { connect: { id: categoryId } }
+      category: { connect: { id: categoryId } },
+      publicOverride: overrideValue
    }
  });

--- a/app/api/events/route.ts
+++ b/app/api/events/route.ts
@@ -1,16 +1,66 @@
 import { NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
 import { prisma } from "../../../lib/prisma";
 import { isAdminSession, requireSession } from "../../../lib/auth-helpers";
+import { authOptions } from "../../../lib/auth";
+import { getAccessSettings } from "../../../lib/system-settings";

 export async function GET(request: Request) {
-  const { session } = await requireSession();
-  if (!session) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const session = await getServerSession(authOptions);
+  if (session?.user?.status && session.user.status !== "ACTIVE") {
+    return NextResponse.json(
+      { error: "Account nicht freigeschaltet." },
+      { status: 403 }
+    );
+  }
+  if (session?.user?.emailVerified === false) {
+    return NextResponse.json(
+      { error: "E-Mail nicht verifiziert." },
+      { status: 403 }
+    );
  }
-
  const { searchParams } = new URL(request.url);
  const status = searchParams.get("status");
  const isAdmin = isAdminSession(session);
+  const { publicAccessEnabled } = await getAccessSettings();
+
+  if (!session?.user?.email) {
+    if (!publicAccessEnabled) {
+      return NextResponse.json(
+        { error: "Öffentlicher Zugriff ist deaktiviert." },
+        { status: 403 }
+      );
+    }
+    const events = await prisma.event.findMany({
+      where: {
+        status: "APPROVED",
+        OR: [
+          { publicOverride: true },
+          { publicOverride: null, category: { isPublic: true } }
+        ]
+      },
+      orderBy: { startAt: "asc" },
+      select: {
+        id: true,
+        title: true,
+        location: true,
+        locationPlaceId: true,
+        locationLat: true,
+        locationLng: true,
+        startAt: true,
+        endAt: true,
+        status: true,
+        category: {
+          select: {
+            id: true,
+            name: true
+          }
+        }
+      }
+    });
+
+    return NextResponse.json(events);
+  }

  const where = isAdmin
    ? status
--- a/app/api/settings/system/route.ts
+++ b/app/api/settings/system/route.ts
@@ -1,29 +1,15 @@
 import { NextResponse } from "next/server";
 import { prisma } from "../../../../lib/prisma";
 import { isSuperAdminSession, requireSession } from "../../../../lib/auth-helpers";
+import { getSystemSettings } from "../../../../lib/system-settings";

 export async function GET() {
  const { session } = await requireSession();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }
-
-  const apiKeySetting = await prisma.setting.findUnique({
-    where: { key: "google_places_api_key" }
-  });
-  const providerSetting = await prisma.setting.findUnique({
-    where: { key: "geocoding_provider" }
-  });
-  const registrationSetting = await prisma.setting.findUnique({
-    where: { key: "registration_enabled" }
-  });
-
-  const apiKey = apiKeySetting?.value || "";
-  const provider =
-    providerSetting?.value || (apiKey ? "google" : "osm");
-  const registrationEnabled = registrationSetting?.value !== "false";
-
-  return NextResponse.json({ apiKey, provider, registrationEnabled });
+  const settings = await getSystemSettings();
+  return NextResponse.json(settings);
 }

 export async function POST(request: Request) {
@@ -37,7 +23,12 @@ export async function POST(request: Request) {
  }

  const body = await request.json();
-  const { apiKey, provider, registrationEnabled } = body || {};
+  const {
+    apiKey,
+    provider,
+    registrationEnabled,
+    publicAccessEnabled
+  } = body || {};

  if (!provider || !["google", "osm"].includes(provider)) {
    return NextResponse.json({ error: "Provider erforderlich." }, { status: 400 });
@@ -68,9 +59,26 @@ export async function POST(request: Request) {
    create: { key: "registration_enabled", value: registrationValue }
  });

+  const existing = await getSystemSettings();
+  const nextPublicAccessEnabled =
+    typeof publicAccessEnabled === "boolean"
+      ? publicAccessEnabled
+      : existing.publicAccessEnabled;
+
+  const publicAccessValue = nextPublicAccessEnabled ? "true" : "false";
+  await prisma.setting.upsert({
+    where: { key: "public_access_enabled" },
+    update: { value: publicAccessValue },
+    create: { key: "public_access_enabled", value: publicAccessValue }
+  });
+  await prisma.setting.deleteMany({
+    where: { key: { in: ["public_events_enabled", "anonymous_access_enabled"] } }
+  });
+
  return NextResponse.json({
    apiKey: apiKeySetting.value,
    provider: providerSetting.value,
-    registrationEnabled: registrationValue !== "false"
+    registrationEnabled: registrationValue !== "false",
+    publicAccessEnabled: nextPublicAccessEnabled
  });
 }