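// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import { ApprovalWorkflow } from "@/interfaces/approval.workflow";
import { sessionOptions } from "@/lib/session";
import { requestUser } from "@/utils/api";
import { deleteApprovalWorkflow, getApprovalWorkflow, updateApprovalWorkflow } from "@/utils/approval.workflows.be";
import { getEntityWithRoles } from "@/utils/entities.be";
import { doesEntityAllow } from "@/utils/permissions";
import { withIronSessionApiRoute } from "iron-session/next";
import { ObjectId } from "mongodb";
import type { NextApiRequest, NextApiResponse } from "next";

export default withIronSessionApiRoute(handler, sessionOptions);

// User types allowed past the coarse role gate shared by every method of this route.
const ALLOWED_USER_TYPES: string[] = ["admin", "developer", "teacher", "corporate", "mastercorporate"];

// User types that del() lets through without an entity-level permission.
const PRIVILEGED_USER_TYPES: string[] = ["admin", "developer"];

// Collection name passed to every approval-workflow helper called from this route.
const COLLECTION = "active-workflows";

/**
 * Reads the `id` query parameter and returns it only when it is a single
 * string that `ObjectId.isValid` accepts.
 *
 * `req.query.id` may be an array when the parameter is repeated, and
 * `new ObjectId(id)` in put() throws on a malformed value; rejecting both
 * cases up front lets each handler answer 400 instead of failing with an
 * unhandled exception.
 */
function readWorkflowId(req: NextApiRequest): string | undefined {
  const { id } = req.query;
  if (typeof id !== "string" || !ObjectId.isValid(id)) return undefined;
  return id;
}

/**
 * Dispatches the request to the handler for its HTTP method.
 *
 * Any method other than DELETE, PUT or GET is answered with 405 and an
 * `Allow` header, so the request always receives a response.
 */
async function handler(req: NextApiRequest, res: NextApiResponse) {
  switch (req.method) {
    case "DELETE":
      return await del(req, res);
    case "PUT":
      return await put(req, res);
    case "GET":
      return await get(req, res);
    default:
      res.setHeader("Allow", "GET, PUT, DELETE");
      return res.status(405).json({ ok: false });
  }
}

/**
 * DELETE: removes an approval workflow.
 *
 * Responds 401 when requestUser yields no user, 403 when the user type is
 * not in ALLOWED_USER_TYPES or the user is neither admin/developer nor
 * granted "delete_workflow" on the workflow's entity, 400 for a missing or
 * malformed id, 404 when the workflow or its entity cannot be loaded, and
 * 200 with the result of deleteApprovalWorkflow otherwise.
 */
async function del(req: NextApiRequest, res: NextApiResponse) {
  const user = await requestUser(req, res);
  if (!user) return res.status(401).json({ ok: false });

  if (!ALLOWED_USER_TYPES.includes(user.type)) {
    return res.status(403).json({ ok: false });
  }

  const id = readWorkflowId(req);
  if (!id) return res.status(400).json({ ok: false });

  const workflow = await getApprovalWorkflow(COLLECTION, id);
  if (!workflow) return res.status(404).json({ ok: false });

  const entity = await getEntityWithRoles(workflow.entityId);
  if (!entity) return res.status(404).json({ ok: false });

  // Entity-level authorization: the role gate above is not sufficient on its
  // own, the caller must hold the permission on the entity that owns this
  // workflow unless it is an admin or developer.
  const isPrivileged = PRIVILEGED_USER_TYPES.includes(user.type);
  if (!isPrivileged && !doesEntityAllow(user, entity, "delete_workflow")) {
    return res.status(403).json({ ok: false });
  }

  return res.status(200).json(await deleteApprovalWorkflow(COLLECTION, id));
}

/**
 * PUT: replaces the stored workflow identified by the `id` query parameter
 * with the request body.
 *
 * Responds 401 when requestUser yields no user, 403 when the user type is
 * not in ALLOWED_USER_TYPES, 400 for a missing or malformed id or a body
 * that is not an object, and 204 after updateApprovalWorkflow returns.
 */
async function put(req: NextApiRequest, res: NextApiResponse) {
  const user = await requestUser(req, res);
  if (!user) return res.status(401).json({ ok: false });

  if (!ALLOWED_USER_TYPES.includes(user.type)) {
    return res.status(403).json({ ok: false });
  }

  const id = readWorkflowId(req);
  const workflow: ApprovalWorkflow = req.body;
  if (!id || !workflow || typeof workflow !== "object" || Array.isArray(workflow)) {
    return res.status(400).json({ ok: false });
  }

  // NOTE(review): unlike del(), this handler performs no entity-level
  // permission check, so any user that passes the role gate can update a
  // workflow of an entity it does not belong to. Load the stored workflow and
  // its entity and gate on doesEntityAllow() as del() does; the permission
  // name for updates is not visible in this file.
  // NOTE(review): the body is handed to updateApprovalWorkflow as received,
  // so client-supplied fields (entityId included) are not restricted here.
  // Whether updateApprovalWorkflow filters them cannot be told from this
  // file; confirm, or copy only the fields a client may change.
  workflow._id = new ObjectId(id);
  await updateApprovalWorkflow(COLLECTION, workflow);
  return res.status(204).end();
}

/**
 * GET: returns the workflow identified by the `id` query parameter.
 *
 * Responds 401 when requestUser yields no user, 403 when the user type is
 * not in ALLOWED_USER_TYPES, 400 for a missing or malformed id, and 200 with
 * whatever getApprovalWorkflow returns otherwise.
 */
async function get(req: NextApiRequest, res: NextApiResponse) {
  const user = await requestUser(req, res);
  if (!user) return res.status(401).json({ ok: false });

  if (!ALLOWED_USER_TYPES.includes(user.type)) {
    return res.status(403).json({ ok: false });
  }

  const id = readWorkflowId(req);
  if (!id) return res.status(400).json({ ok: false });

  // NOTE(review): the workflow is returned without checking that the caller
  // has any permission on workflow.entityId, so reads are scoped by user type
  // only. del() shows the entity lookup this would need; the permission name
  // for reads is not visible in this file.
  return res.status(200).json(await getApprovalWorkflow(COLLECTION, id));
}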