vereinskalender/app/api/views/[id]/items/route.ts

import { NextResponse } from "next/server";
import { prisma } from "../../../../../lib/prisma";
import { requireSession } from "../../../../../lib/auth-helpers";

async function ensureOwner(viewId: string, email: string) {
  const view = await prisma.userView.findFirst({
    where: { id: viewId, user: { email } }
  });
  return view;
}

export async function POST(request: Request, context: { params: { id: string } }) {
  const { session } = await requireSession();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const email = session.user?.email || "";
  const view = await ensureOwner(context.params.id, email);
  if (!view) {
    return NextResponse.json({ error: "Not found" }, { status: 404 });
  }

  const body = await request.json();
  const { eventId } = body || {};
  if (!eventId) {
    return NextResponse.json({ error: "Event erforderlich." }, { status: 400 });
  }

  await prisma.userViewItem.create({
    data: { viewId: view.id, eventId }
  });

  return NextResponse.json({ ok: true }, { status: 201 });
}

export async function DELETE(request: Request, context: { params: { id: string } }) {
  const { session } = await requireSession();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const email = session.user?.email || "";
  const view = await ensureOwner(context.params.id, email);
  if (!view) {
    return NextResponse.json({ error: "Not found" }, { status: 404 });
  }

  const body = await request.json();
  const { eventId } = body || {};
  if (!eventId) {
    return NextResponse.json({ error: "Event erforderlich." }, { status: 400 });
  }

  await prisma.userViewItem.deleteMany({
    where: { viewId: view.id, eventId }
  });

  return NextResponse.json({ ok: true });
}