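import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { prisma } from "@/lib/prisma";

/** True when `value` is an array whose every element is a string. */
function isStringArray(value: unknown): value is string[] {
  return Array.isArray(value) && value.every((item) => typeof item === "string");
}

/**
 * Strip the `password` column before a user row leaves the server.
 *
 * Both handlers below previously serialised the full Prisma row, which
 * included whatever is stored in `password`; clients never need it.
 */
function toPublicUser<T extends { password?: unknown }>(user: T): Omit<T, "password"> {
  const { password: _omitted, ...rest } = user;
  return rest;
}

/**
 * True when `error` looks like a Prisma unique-constraint violation (code P2002),
 * e.g. a second user with the same email. Duck-typed so this file does not need
 * to import the Prisma error classes.
 */
function isUniqueViolation(error: unknown): boolean {
  return (
    typeof error === "object" &&
    error !== null &&
    "code" in error &&
    (error as { code?: unknown }).code === "P2002"
  );
}

// GET /api/users — list the users the caller is allowed to see
//
// 401 without a session. SUPER_ADMIN sees every user; any other role only sees
// users sharing at least one of the caller's domains. Passwords are never returned.
export async function GET() {
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const userRole = session.user.role;
  const userDomains = session.user.domains ?? [];

  // With no domains on the session, `hasSome: []` matches nobody, which is the
  // intended result for a domain admin that has not been assigned any domain.
  const where =
    userRole === "SUPER_ADMIN" ? undefined : { domains: { hasSome: userDomains } };

  const users = await prisma.user.findMany({
    where,
    orderBy: { createdAt: "asc" },
  });

  return NextResponse.json(users.map(toPublicUser));
}

// POST /api/users — create a new user
//
// Body: { name?, email, password, role?, domains?, telegramId? } as JSON.
// 401 without a session, 400 for a malformed body or missing/ill-typed
// email, password, role or domains, 409 when the email is already taken,
// 500 (generic message, details logged server-side) otherwise.
// A non-SUPER_ADMIN caller cannot escalate: the new user always receives the
// caller's own domains and the DOMAIN_ADMIN role, whatever the body says.
export async function POST(req: NextRequest) {
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const userRole = session.user.role;
  const adminDomains = session.user.domains ?? [];

  // Parse separately from the database work so a bad request is a 400, not a 500.
  let body;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Malformed JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return NextResponse.json({ error: "Request body must be a JSON object" }, { status: 400 });
  }

  const { name, email, password, role, domains, telegramId } = body;

  // The original code called `email.toLowerCase()` unguarded, so a missing email
  // surfaced as a 500 carrying the TypeError text.
  if (typeof email !== "string" || email.trim() === "") {
    return NextResponse.json({ error: "email is required" }, { status: 400 });
  }
  if (typeof password !== "string" || password === "") {
    return NextResponse.json({ error: "password is required" }, { status: 400 });
  }
  if (role !== undefined && typeof role !== "string") {
    return NextResponse.json({ error: "role must be a string" }, { status: 400 });
  }
  if (domains !== undefined && !isStringArray(domains)) {
    return NextResponse.json({ error: "domains must be an array of strings" }, { status: 400 });
  }

  let finalDomains: string[] = domains ?? [];
  let finalRole: string = role ?? "DOMAIN_ADMIN";

  // Authorization: a domain admin may only create users inside their own
  // domains, and can never create another SUPER_ADMIN.
  if (userRole !== "SUPER_ADMIN") {
    finalDomains = adminDomains;
    finalRole = "DOMAIN_ADMIN";
  }

  try {
    // NOTE(review): `password` is persisted exactly as received. Confirm that a
    // Prisma middleware/extension hashes it, or hash it here before `create`.
    const user = await prisma.user.create({
      data: {
        name,
        email: email.toLowerCase(),
        password,
        role: finalRole,
        domains: finalDomains,
        telegramId,
      },
    });

    return NextResponse.json(toPublicUser(user));
  } catch (error: unknown) {
    if (isUniqueViolation(error)) {
      return NextResponse.json({ error: "A user with this email already exists" }, { status: 409 });
    }
    // Log the real cause server-side; the client gets a generic message so that
    // database/ORM error text is not exposed.
    console.error("POST /api/users failed", error);
    return NextResponse.json({ error: "Failed to create user" }, { status: 500 });
  }
}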