AG Scroll Settings Budget Push und Rechnungsdokumente umsetzen

src/app/api/settings/route.ts

@@ -1,15 +1,17 @@
 import { NextResponse } from "next/server";
 import { z } from "zod";
 
-import { getAppSettings, toApprovalThresholdNumber } from "@/lib/app-settings";
+import { getAppSettings, serializeAppSettings, toApprovalThresholdNumber } from "@/lib/app-settings";
 import { snapshotAppSettings } from "@/lib/audit-snapshots";
 import { createAuditLog } from "@/lib/audit-log";
-import { canManageUsers } from "@/lib/domain";
+import { APPROVAL_FLOW, canManageSettings, canManageUsers, normalizeRequiredApprovalTypes } from "@/lib/domain";
 import prisma from "@/lib/prisma";
 import { getCurrentViewer } from "@/lib/session";
 
 const settingsSchema = z.object({
-  approvalThreshold: z.coerce.number().min(0).max(100000)
+  approvalThreshold: z.coerce.number().min(0).max(100000).optional(),
+  requiredApprovalTypes: z.array(z.enum(APPROVAL_FLOW)).min(1).optional(),
+  budgetReleaseNotifyTarget: z.enum(["ALL_GROUP_USERS", "GROUP_MEMBERS_ONLY"]).optional()
 });
 
 export async function PATCH(request: Request) {
@@ -27,7 +29,14 @@ export async function PATCH(request: Request) {
   const parsed = settingsSchema.safeParse(body);
 
   if (!parsed.success) {
-    return NextResponse.json({ error: "Bitte eine gueltige Freigabe-Schwelle eingeben." }, { status: 400 });
+    return NextResponse.json({ error: "Bitte gueltige Einstellungen eingeben." }, { status: 400 });
+  }
+
+  const changesOrgaSettings =
+    parsed.data.requiredApprovalTypes !== undefined || parsed.data.budgetReleaseNotifyTarget !== undefined;
+
+  if (changesOrgaSettings && !canManageSettings(viewer.role)) {
+    return NextResponse.json({ error: "Nur AG Orga darf Zuständigkeiten und Benachrichtigungen ändern." }, { status: 403 });
   }
 
   const existingSettings = await getAppSettings();
@@ -38,7 +47,13 @@ export async function PATCH(request: Request) {
       id: existingSettings.id
     },
     data: {
-      approvalThreshold: parsed.data.approvalThreshold
+      ...(parsed.data.approvalThreshold !== undefined ? { approvalThreshold: parsed.data.approvalThreshold } : {}),
+      ...(parsed.data.requiredApprovalTypes !== undefined
+        ? { requiredApprovalTypes: normalizeRequiredApprovalTypes(parsed.data.requiredApprovalTypes) }
+        : {}),
+      ...(parsed.data.budgetReleaseNotifyTarget !== undefined
+        ? { budgetReleaseNotifyTarget: parsed.data.budgetReleaseNotifyTarget }
+        : {})
     }
   });
 
@@ -48,9 +63,11 @@ export async function PATCH(request: Request) {
     entityType: "settings",
     entityId: appSettings.id,
     entityLabel: "Freigabe-Schwelle",
-    summary: `Freigabe-Schwelle wurde auf ${toApprovalThresholdNumber(appSettings.approvalThreshold).toFixed(2)} EUR gesetzt.`,
+    summary: changesOrgaSettings
+      ? "Zuständigkeiten und Benachrichtigungen wurden aktualisiert."
+      : `Freigabe-Schwelle wurde auf ${toApprovalThresholdNumber(appSettings.approvalThreshold).toFixed(2)} EUR gesetzt.`,
     metadata: {
-      approvalThreshold: toApprovalThresholdNumber(appSettings.approvalThreshold),
+      settings: serializeAppSettings(appSettings),
       rollback: {
         kind: "settings.update",
         previous: previousSnapshot
@@ -60,6 +77,6 @@ export async function PATCH(request: Request) {
 
   return NextResponse.json({
     ok: true,
-    approvalThreshold: toApprovalThresholdNumber(appSettings.approvalThreshold)
+    settings: serializeAppSettings(appSettings)
   });
 }