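import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { prisma } from "@/lib/prisma";

/** The only role that may manage accounts across every domain. Anything else is treated as a domain-scoped admin. */
const SUPER_ADMIN = "SUPER_ADMIN";

/** The caller as derived from the session: its role and the domains it administers. */
type Actor = { role: string | undefined; domains: string[] };

/** Raised for malformed request bodies; mapped to a 400 in the handlers. */
class ValidationError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "ValidationError";
  }
}

/**
 * Resolve the caller from the session.
 * Returns null when there is no session or no user on it, which the
 * handlers turn into a 401 instead of letting a property access throw a 500.
 */
async function getActor(): Promise<Actor | null> {
  const session = await auth();
  const user = session?.user;
  if (!user) return null;
  const domains = Array.isArray(user.domains) ? user.domains : [];
  return { role: user.role, domains };
}

/**
 * Authorisation rule shared by PATCH and DELETE.
 *  - SUPER_ADMIN may manage any account.
 *  - Everyone else may manage a target only when the target shares at least
 *    one of the actor's domains AND the target is not itself a SUPER_ADMIN.
 *    Without the second condition a domain admin could reset the password of,
 *    or delete, a super admin who happens to carry the same domain.
 */
function canManage(actor: Actor, target: { role: string; domains: string[] }): boolean {
  if (actor.role === SUPER_ADMIN) return true;
  if (target.role === SUPER_ADMIN) return false;
  return target.domains.some((d) => actor.domains.includes(d));
}

/**
 * Accept a body field only when it is a string (or null, which Prisma uses to
 * clear a nullable column). `undefined` means "leave unchanged".
 * @throws ValidationError for any other type, so a non-string `email` cannot
 *         reach `.toLowerCase()` and surface as a 500.
 */
function optionalString(value: unknown, field: string): string | null | undefined {
  if (value === undefined || value === null) return value;
  if (typeof value !== "string") throw new ValidationError(`${field} must be a string`);
  return value;
}

/** Accept a body field only when it is an array of strings; `undefined` means "leave unchanged". */
function optionalStringArray(value: unknown, field: string): string[] | undefined {
  if (value === undefined) return undefined;
  if (!Array.isArray(value) || !value.every((v) => typeof v === "string")) {
    throw new ValidationError(`${field} must be an array of strings`);
  }
  return value;
}

/** Duck-typed check for a Prisma known-request error with the given code (e.g. P2002 = unique constraint violation). */
function isPrismaError(error: unknown, code: string): boolean {
  return typeof error === "object" && error !== null && (error as { code?: unknown }).code === code;
}

// PATCH /api/users/[id] — update a user
/**
 * Update a user. Domain admins may only touch users in their own domains and
 * can change neither `role` nor `domains`; super admins may set both.
 * Responses: 401 no session, 404 unknown id, 403 not allowed to manage the
 * target, 400 malformed body, 409 unique-constraint conflict, 500 otherwise.
 * The returned object never contains the `password` column.
 */
export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const actor = await getActor();
  const { id } = await params;
  if (!actor) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  try {
    const existingUser = await prisma.user.findUnique({ where: { id } });
    if (!existingUser) return NextResponse.json({ error: "User not found" }, { status: 404 });

    // Security check: authorise against the stored target before reading the body.
    if (!canManage(actor, existingUser)) {
      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
    }

    // A body that is not JSON is a client error, not a server error.
    let body: unknown;
    try {
      body = await req.json();
    } catch {
      return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
    }
    if (typeof body !== "object" || body === null || Array.isArray(body)) {
      return NextResponse.json({ error: "Body must be a JSON object" }, { status: 400 });
    }
    const input = body as Record<string, unknown>;

    const name = optionalString(input.name, "name");
    const email = optionalString(input.email, "email")?.toLowerCase();
    const password = optionalString(input.password, "password");
    const telegramId = optionalString(input.telegramId, "telegramId");

    // An empty string would silently replace the credential with a blank one.
    if (password === "") {
      return NextResponse.json({ error: "password must not be empty" }, { status: 400 });
    }
    // NOTE(review): `password` is stored exactly as received. Unless a Prisma
    // middleware/extension in "@/lib/prisma" hashes it, this persists plaintext —
    // confirm against the login code before relying on it.

    // Security: only a super admin may change role or domain membership.
    // Domain admins keep the stored values unchanged (previously the target's
    // domains were overwritten with the admin's own set and the role forced to
    // DOMAIN_ADMIN, which both changed the target's membership).
    let role: typeof existingUser.role | undefined;
    let domains: string[] | undefined;
    if (actor.role === SUPER_ADMIN) {
      // The role enum type lives in the Prisma schema, which is not visible here; validation of the value is left to the database.
      role = optionalString(input.role, "role") as typeof existingUser.role | undefined;
      domains = optionalStringArray(input.domains, "domains");
    } else {
      role = existingUser.role;
      domains = existingUser.domains;
    }

    const updated = await prisma.user.update({
      where: { id },
      data: { name, email, password, role, domains, telegramId },
    });

    // Never echo the credential column back to the client.
    const { password: _omitted, ...safeUser } = updated;
    return NextResponse.json(safeUser);
  } catch (error: unknown) {
    if (error instanceof ValidationError) {
      return NextResponse.json({ error: error.message }, { status: 400 });
    }
    // Unique-constraint violation (e.g. email already taken): report a conflict
    // without exposing which constraint or column tripped.
    if (isPrismaError(error, "P2002")) {
      return NextResponse.json({ error: "Conflict" }, { status: 409 });
    }
    // Raw driver/ORM messages can reveal schema details; log them, return a generic error.
    console.error("PATCH /api/users/[id] failed", error);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}

// DELETE /api/users/[id] — delete a user
/**
 * Delete a user. Same authorisation rule as PATCH: domain admins may only
 * delete users in their own domains and never a SUPER_ADMIN.
 * Responses: 401 no session, 404 unknown id, 403 forbidden, 500 otherwise.
 */
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const actor = await getActor();
  const { id } = await params;
  if (!actor) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  try {
    const existingUser = await prisma.user.findUnique({ where: { id } });
    if (!existingUser) return NextResponse.json({ error: "User not found" }, { status: 404 });

    // Security check: a shared domain alone is not enough to delete a super admin.
    if (!canManage(actor, existingUser)) {
      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
    }

    await prisma.user.delete({ where: { id } });
    return NextResponse.json({ status: "ok" });
  } catch (error: unknown) {
    // Do not leak ORM error text to the client.
    console.error("DELETE /api/users/[id] failed", error);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}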