import { NextRequest, NextResponse } from 'next/server' import { getSession } from '@/lib/auth' import { prisma } from '@/lib/db' import { v4 as uuidv4 } from 'uuid' // All available permissions in the system export const ALL_PERMISSIONS = [ // Dashboard { key: 'dashboard.view', label: 'Dashboard ansehen', category: 'Dashboard' }, { key: 'dashboard.stats', label: 'Statistiken ansehen', category: 'Dashboard' }, // Characters { key: 'characters.view', label: 'Charaktere ansehen', category: 'Charaktere' }, { key: 'characters.edit', label: 'Charaktere bearbeiten', category: 'Charaktere' }, { key: 'characters.delete', label: 'Charaktere loeschen', category: 'Charaktere' }, // Player Accounts { key: 'players.view', label: 'Spielerkonten ansehen', category: 'Spielerkonten' }, { key: 'players.edit', label: 'Spielerkonten bearbeiten', category: 'Spielerkonten' }, { key: 'players.notes', label: 'Spieler-Notizen verwalten', category: 'Spielerkonten' }, { key: 'players.logs', label: 'Spieler-Logs ansehen', category: 'Spielerkonten' }, // Users { key: 'users.view', label: 'Benutzer ansehen', category: 'Benutzerverwaltung' }, { key: 'users.edit', label: 'Benutzer bearbeiten', category: 'Benutzerverwaltung' }, { key: 'users.roles', label: 'Rollen zuweisen', category: 'Benutzerverwaltung' }, { key: 'users.ban', label: 'Benutzer sperren', category: 'Benutzerverwaltung' }, { key: 'users.groups', label: 'Benutzergruppen verwalten', category: 'Benutzerverwaltung' }, // Job Panels { key: 'jobpanels.view', label: 'Fraktionen ansehen', category: 'Fraktionen' }, { key: 'jobpanels.create', label: 'Fraktionen erstellen', category: 'Fraktionen' }, { key: 'jobpanels.edit', label: 'Fraktionen bearbeiten', category: 'Fraktionen' }, { key: 'jobpanels.delete', label: 'Fraktionen loeschen', category: 'Fraktionen' }, // Support { key: 'support.view', label: 'Support-Tickets ansehen', category: 'Support' }, { key: 'support.manage', label: 'Support-Tickets verwalten', category: 'Support' }, { key: 'support.close', label: 'Support-Tickets schliessen', category: 'Support' }, // Logs { key: 'logs.view', label: 'Protokolle ansehen', category: 'Protokolle' }, { key: 'logs.export', label: 'Protokolle exportieren', category: 'Protokolle' }, // Settings { key: 'settings.view', label: 'Einstellungen ansehen', category: 'Einstellungen' }, { key: 'settings.edit', label: 'Einstellungen bearbeiten', category: 'Einstellungen' }, { key: 'settings.database', label: 'Datenbank konfigurieren', category: 'Einstellungen' }, { key: 'settings.migrations', label: 'Migrationen ausfuehren', category: 'Einstellungen' }, ] // GET - List all user groups export async function GET() { try { const session = await getSession() if (!session || !['ADMIN', 'SUPERADMIN'].includes(session.role)) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } let groups: any[] = [] try { // First check if table exists by trying a simple query const tableCheck = await prisma.$queryRaw` SELECT COUNT(*) as count FROM information_schema.tables WHERE table_schema = DATABASE() AND table_name = 'user_groups' ` as any[] const tableExists = tableCheck?.[0]?.count > 0 if (!tableExists) { console.log('[UserGroups] Table does not exist yet') return NextResponse.json({ groups: [], permissions: ALL_PERMISSIONS, tableExists: false }) } // Use raw SQL to avoid Prisma model issues const result = await prisma.$queryRaw` SELECT g.id, g.name, g.displayName, g.color, g.icon, g.priority, g.permissions, g.isDefault, g.createdAt, g.updatedAt FROM user_groups g ORDER BY g.priority DESC ` as any[] groups = result.map(g => ({ ...g, permissions: typeof g.permissions === 'string' ? JSON.parse(g.permissions) : (g.permissions || []), isDefault: Boolean(g.isDefault), _count: { members: 0 } })) } catch (e: any) { // Table may not exist yet - return empty array console.log('[UserGroups] Error fetching groups:', e?.message || e) groups = [] } return NextResponse.json({ groups, permissions: ALL_PERMISSIONS }) } catch (error: any) { console.error('[API] Failed to fetch user groups:', error?.message || error) return NextResponse.json({ error: 'Failed to fetch user groups' }, { status: 500 }) } } // POST - Create a new user group export async function POST(request: NextRequest) { try { const session = await getSession() if (!session || session.role !== 'SUPERADMIN') { return NextResponse.json({ error: 'Only superadmins can create groups' }, { status: 401 }) } const body = await request.json() const { name, displayName, color, icon, priority, permissions, isDefault } = body if (!name || !displayName) { return NextResponse.json({ error: 'Name and display name are required' }, { status: 400 }) } const id = uuidv4() const groupName = name.toLowerCase().replace(/\s+/g, '-') const groupColor = color || '#6366f1' const groupPriority = parseInt(String(priority)) || 0 const groupPermissions = JSON.stringify(permissions || []) const groupIsDefault = isDefault ? 1 : 0 try { await prisma.$executeRaw` INSERT INTO user_groups (id, name, displayName, color, icon, priority, permissions, isDefault, createdAt, updatedAt) VALUES (${id}, ${groupName}, ${displayName}, ${groupColor}, ${icon || null}, ${groupPriority}, ${groupPermissions}, ${groupIsDefault}, NOW(), NOW()) ` return NextResponse.json({ success: true, group: { id, name: groupName, displayName, color: groupColor, icon, priority: groupPriority, permissions: permissions || [], isDefault: Boolean(isDefault) } }) } catch (dbError: any) { const errorMsg = dbError instanceof Error ? dbError.message : String(dbError) console.error('[API] Database error creating group:', errorMsg) if (errorMsg.includes("doesn't exist") || errorMsg.includes('does not exist') || errorMsg.includes('no such table')) { return NextResponse.json({ error: 'Die user_groups Tabelle existiert nicht. Bitte gehe zu Einstellungen > Migrationen und fuehre die Migrationen aus.' }, { status: 500 }) } if (errorMsg.includes('Unique constraint') || errorMsg.includes('UNIQUE') || errorMsg.includes('Duplicate')) { return NextResponse.json({ error: 'Eine Gruppe mit diesem Namen existiert bereits.' }, { status: 400 }) } return NextResponse.json({ error: `Datenbankfehler: ${errorMsg.substring(0, 100)}` }, { status: 500 }) } } catch (error) { console.error('[API] Failed to create user group:', error) const errorMsg = error instanceof Error ? error.message : 'Unbekannter Fehler' return NextResponse.json({ error: `Fehler: ${errorMsg}` }, { status: 500 }) } } // PUT - Update a user group export async function PUT(request: NextRequest) { try { const session = await getSession() if (!session || session.role !== 'SUPERADMIN') { return NextResponse.json({ error: 'Nur Superadmins koennen Gruppen bearbeiten' }, { status: 401 }) } const body = await request.json() const { id, displayName, color, icon, priority, permissions, isDefault } = body if (!id) { return NextResponse.json({ error: 'Gruppen-ID ist erforderlich' }, { status: 400 }) } const groupPriority = parseInt(String(priority)) || 0 const groupPermissions = JSON.stringify(permissions || []) const groupIsDefault = isDefault ? 1 : 0 try { await prisma.$executeRaw` UPDATE user_groups SET displayName = ${displayName}, color = ${color}, icon = ${icon || null}, priority = ${groupPriority}, permissions = ${groupPermissions}, isDefault = ${groupIsDefault}, updatedAt = NOW() WHERE id = ${id} ` return NextResponse.json({ success: true, group: { id, displayName, color, icon, priority: groupPriority, permissions, isDefault } }) } catch (dbError: any) { const errorMsg = dbError instanceof Error ? dbError.message : String(dbError) if (errorMsg.includes("doesn't exist") || errorMsg.includes('does not exist')) { return NextResponse.json({ error: 'Die user_groups Tabelle existiert nicht. Bitte fuehre die Migrationen aus.' }, { status: 500 }) } throw dbError } } catch (error) { console.error('[API] Failed to update user group:', error) return NextResponse.json({ error: 'Fehler beim Aktualisieren der Gruppe' }, { status: 500 }) } } // DELETE - Delete a user group export async function DELETE(request: NextRequest) { try { const session = await getSession() if (!session || session.role !== 'SUPERADMIN') { return NextResponse.json({ error: 'Nur Superadmins koennen Gruppen loeschen' }, { status: 401 }) } const { searchParams } = new URL(request.url) const groupId = searchParams.get('id') if (!groupId) { return NextResponse.json({ error: 'Gruppen-ID ist erforderlich' }, { status: 400 }) } try { // First delete all members await prisma.$executeRaw`DELETE FROM user_group_members WHERE groupId = ${groupId}` // Then delete the group await prisma.$executeRaw`DELETE FROM user_groups WHERE id = ${groupId}` return NextResponse.json({ success: true }) } catch (dbError: any) { const errorMsg = dbError instanceof Error ? dbError.message : String(dbError) if (errorMsg.includes("doesn't exist") || errorMsg.includes('does not exist')) { return NextResponse.json({ error: 'Die user_groups Tabelle existiert nicht.' }, { status: 500 }) } throw dbError } } catch (error) { console.error('[API] Failed to delete user group:', error) return NextResponse.json({ error: 'Fehler beim Loeschen der Gruppe' }, { status: 500 }) } }