// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import { sessionOptions } from "@/lib/session";
import { requestUser } from "@/utils/api";
import { getApprovalWorkflows } from "@/utils/approval.workflows.be";
import { withIronSessionApiRoute } from "iron-session/next";
import type { NextApiRequest, NextApiResponse } from "next";

export default withIronSessionApiRoute(handler, sessionOptions);

async function handler(req: NextApiRequest, res: NextApiResponse) {
    if (req.method === "GET") return await get(req, res);
}

async function get(req: NextApiRequest, res: NextApiResponse) {
    const user = await requestUser(req, res);
    if (!user) return res.status(401).json({ ok: false });

    if (!["admin", "developer", "teacher", "corporate", "mastercorporate"].includes(user.type)) {
        return res.status(403).json({ ok: false });
    }

    const entityIdsString = req.query.entityIds as string;

    const entityIdsArray = entityIdsString.split(",");

    if (!["admin", "developer"].includes(user.type)) {
        // filtering workflows that have user as assignee in at least one of the steps
        return res.status(200).json(await getApprovalWorkflows("active-workflows", entityIdsArray, undefined, user.id));
    } else {
        return res.status(200).json(await getApprovalWorkflows("active-workflows", entityIdsArray));
    }
}