import { NextRequest, NextResponse } from 'next/server'
import { getCurrentUser } from '@/lib/auth'
import { roleService } from '@/lib/services/role-service'
import { createAuditLog } from '@/lib/audit'

/**
 * Returns every role and every permission known to `roleService`.
 *
 * Access control, in order:
 * - 401 when `getCurrentUser()` yields no user.
 * - 403 unless the user's role is `ADMIN` or `SUPERADMIN`.
 *
 * Any thrown error is logged on the server, and the client receives only a
 * generic 500 message, so internal error detail is not sent in the response.
 */
export async function GET() {
  try {
    const viewer = await getCurrentUser()

    // Authentication: no resolved user means no session to authorise.
    if (!viewer) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
    }

    // Authorisation: only the two administrative roles may read the role and permission catalogue.
    const mayViewRoles = viewer.role === 'ADMIN' || viewer.role === 'SUPERADMIN'
    if (!mayViewRoles) {
      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
    }

    // Fetched one after the other, roles first.
    const roles = await roleService.getAllRoles()
    const permissions = await roleService.getAllPermissions()

    const payload = { roles, permissions }
    return NextResponse.json(payload)
  } catch (error) {
    console.error('[API] Failed to fetch roles:', error)
    return NextResponse.json({ error: 'Failed to fetch roles' }, { status: 500 })
  }
}

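/**
 * Creates a role from the JSON request body and records the action in the audit log.
 *
 * Access control, in order:
 * - 401 when `getCurrentUser()` yields no user.
 * - 403 unless the user's role is exactly `SUPERADMIN`.
 *
 * Input handling:
 * - 400 when the body is not parseable JSON or is not a JSON object.
 * - 400 when `name` or `displayName` is missing, empty, or not a string.
 * - 400 when `permissionIds` is present but not an array.
 *
 * On success responds with `{ role }`. Any other failure is logged on the server
 * and reported to the client as a generic 500.
 */
export async function POST(request: NextRequest) {
  try {
    const currentUser = await getCurrentUser()
    if (!currentUser) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
    }

    // Creating a role changes what other accounts can be granted, so only SUPERADMIN may do it.
    if (currentUser.role !== 'SUPERADMIN') {
      return NextResponse.json({ error: 'Only superadmins can create roles' }, { status: 403 })
    }

    // A malformed body is a client error; without this it would fall through to the 500 handler.
    let body
    try {
      body = await request.json()
    } catch {
      return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
    }

    // JSON `null`, arrays and primitives are valid JSON but cannot carry the expected fields.
    if (body === null || typeof body !== 'object' || Array.isArray(body)) {
      return NextResponse.json({ error: 'Request body must be a JSON object' }, { status: 400 })
    }

    const { name, displayName, description, color, priority, permissionIds } = body

    // The body is caller-controlled: require real, non-empty strings rather than any truthy value
    // (an object or array would otherwise pass the check and reach the service layer).
    if (typeof name !== 'string' || typeof displayName !== 'string' || !name || !displayName) {
      return NextResponse.json({ error: 'Name and display name are required' }, { status: 400 })
    }

    // Absent or null is passed through unchanged; anything else must be a list.
    if (permissionIds != null && !Array.isArray(permissionIds)) {
      return NextResponse.json({ error: 'permissionIds must be an array' }, { status: 400 })
    }

    // NOTE(review): description, color, priority and the elements of permissionIds are forwarded
    // without type checks. Confirm that roleService.createRole validates them.
    const role = await roleService.createRole({
      name,
      displayName,
      description,
      color,
      priority,
      permissionIds,
    })

    // NOTE(review): the audit entry is written after the role exists. If createAuditLog rejects,
    // the client gets a 500 although the role was created. Confirm this is the intended trade-off.
    await createAuditLog({
      userId: currentUser.id,
      action: 'CREATE_ROLE',
      category: 'ADMIN',
      details: { roleId: role.id, roleName: role.name },
    })

    return NextResponse.json({ role })
  } catch (error) {
    console.error('[API] Failed to create role:', error)
    return NextResponse.json({ error: 'Failed to create role' }, { status: 500 })
  }
}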
