import { NextResponse } from 'next/server' import { getSession } from '@/lib/auth' import { prisma } from '@/lib/db' export async function GET( request: Request, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session || !['ADMIN', 'SUPERADMIN'].includes(session.role)) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params try { const notes = await prisma.playerNote.findMany({ where: { playerId: id }, orderBy: { createdAt: 'desc' }, include: { author: { select: { username: true } } } }) return NextResponse.json({ notes }) } catch { // Table may not exist yet return NextResponse.json({ notes: [] }) } } catch (error) { console.error('[API] Failed to fetch player notes:', error) return NextResponse.json({ notes: [] }) } } export async function POST( request: Request, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session || !['ADMIN', 'SUPERADMIN'].includes(session.role)) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params const body = await request.json() const { content, type = 'INFO', isPrivate = false } = body if (!content || typeof content !== 'string' || content.trim().length === 0) { return NextResponse.json({ error: 'Note content is required' }, { status: 400 }) } try { const note = await prisma.playerNote.create({ data: { playerId: id, content: content.trim(), type, isPrivate, authorId: session.userId, }, include: { author: { select: { username: true } } } }) return NextResponse.json({ note }) } catch (dbError) { console.error('[API] Database error creating note:', dbError) return NextResponse.json( { error: 'player_notes table may not exist. Please run migrations.' }, { status: 500 } ) } } catch (error) { console.error('[API] Failed to create player note:', error) return NextResponse.json( { error: 'Failed to create player note' }, { status: 500 } ) } } export async function DELETE( request: Request, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session || !['ADMIN', 'SUPERADMIN'].includes(session.role)) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params const { searchParams } = new URL(request.url) const noteId = searchParams.get('noteId') if (!noteId) { return NextResponse.json({ error: 'Note ID is required' }, { status: 400 }) } try { const note = await prisma.playerNote.findUnique({ where: { id: noteId } }) if (!note) { return NextResponse.json({ error: 'Note not found' }, { status: 404 }) } // Only author or superadmin can delete notes if (note.authorId !== session.userId && session.role !== 'SUPERADMIN') { return NextResponse.json({ error: 'Not authorized to delete this note' }, { status: 403 }) } await prisma.playerNote.delete({ where: { id: noteId } }) return NextResponse.json({ success: true }) } catch { return NextResponse.json( { error: 'player_notes table may not exist' }, { status: 500 } ) } } catch (error) { console.error('[API] Failed to delete player note:', error) return NextResponse.json( { error: 'Failed to delete player note' }, { status: 500 } ) } }