Aktueller Stand

app/api/events/[id]/route.ts

@@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import { prisma } from "../../../../lib/prisma";
 import { isAdminSession, requireSession } from "../../../../lib/auth-helpers";
+import { getAccessSettings } from "../../../../lib/system-settings";
 
 export async function PATCH(request: Request, context: { params: { id: string } }) {
   const { session } = await requireSession();
@@ -23,7 +24,8 @@ export async function PATCH(request: Request, context: { params: { id: string }
     locationLng,
     startAt,
     endAt,
-    categoryId
+    categoryId,
+    publicOverride
   } = body || {};
 
   if (status && ["APPROVED", "REJECTED"].includes(status)) {
@@ -44,6 +46,13 @@ export async function PATCH(request: Request, context: { params: { id: string }
 
   const startDate = new Date(startAt);
   const endDate = endAt ? new Date(endAt) : null;
+  const { publicAccessEnabled } = await getAccessSettings();
+  const overrideValue =
+    publicAccessEnabled && publicOverride !== undefined
+      ? publicOverride === null || publicOverride === true || publicOverride === false
+        ? publicOverride
+        : null
+      : undefined;
 
   const event = await prisma.event.update({
     where: { id: context.params.id },
@@ -56,7 +65,8 @@ export async function PATCH(request: Request, context: { params: { id: string }
       locationLng: locationLng ? Number(locationLng) : null,
       startAt: startDate,
       endAt: endDate,
-      category: { connect: { id: categoryId } }
+      category: { connect: { id: categoryId } },
+      publicOverride: overrideValue
     }
   });
 

app/api/events/route.ts

@@ -1,16 +1,66 @@
 import { NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
 import { prisma } from "../../../lib/prisma";
 import { isAdminSession, requireSession } from "../../../lib/auth-helpers";
+import { authOptions } from "../../../lib/auth";
+import { getAccessSettings } from "../../../lib/system-settings";
 
 export async function GET(request: Request) {
-  const { session } = await requireSession();
-  if (!session) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const session = await getServerSession(authOptions);
+  if (session?.user?.status && session.user.status !== "ACTIVE") {
+    return NextResponse.json(
+      { error: "Account nicht freigeschaltet." },
+      { status: 403 }
+    );
+  }
+  if (session?.user?.emailVerified === false) {
+    return NextResponse.json(
+      { error: "E-Mail nicht verifiziert." },
+      { status: 403 }
+    );
   }
-
   const { searchParams } = new URL(request.url);
   const status = searchParams.get("status");
   const isAdmin = isAdminSession(session);
+  const { publicAccessEnabled } = await getAccessSettings();
+
+  if (!session?.user?.email) {
+    if (!publicAccessEnabled) {
+      return NextResponse.json(
+        { error: "Öffentlicher Zugriff ist deaktiviert." },
+        { status: 403 }
+      );
+    }
+    const events = await prisma.event.findMany({
+      where: {
+        status: "APPROVED",
+        OR: [
+          { publicOverride: true },
+          { publicOverride: null, category: { isPublic: true } }
+        ]
+      },
+      orderBy: { startAt: "asc" },
+      select: {
+        id: true,
+        title: true,
+        location: true,
+        locationPlaceId: true,
+        locationLat: true,
+        locationLng: true,
+        startAt: true,
+        endAt: true,
+        status: true,
+        category: {
+          select: {
+            id: true,
+            name: true
+          }
+        }
+      }
+    });
+
+    return NextResponse.json(events);
+  }
 
   const where = isAdmin
     ? status