import { NextRequest, NextResponse } from 'next/server' import { getSession } from '@/lib/auth' import { queryJobPanelDb } from '@/lib/job-panel-db' import { checkPanelAccess, isFeatureEnabled, hasPermission } from '@/lib/services/job-panel-permissions' import { logEmployeeChange } from '@/lib/services/job-panel-webhooks' import { logJobPanelEmployee } from '@/lib/services/admin-logging' import { getJobEmployees, setEmployeeGrade, fireEmployee, getJobByName } from '@/lib/services/job-adapter' import type { RowDataPacket } from 'mysql2' // GET - List employees export async function GET( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params // Check access const access = await checkPanelAccess(id) if (!access?.canAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } // Check if feature is enabled (superadmins can always access) const enabled = await isFeatureEnabled(id, 'employee_management') if (!enabled && !access.isSuperadmin) { return NextResponse.json({ employees: [], jobInfo: null, featureDisabled: true }) } // Get panel job name const panels = await queryJobPanelDb( 'SELECT job_name FROM job_panels WHERE id = ?', [id] ) if (panels.length === 0) { return NextResponse.json({ error: 'Panel not found' }, { status: 404 }) } const jobName = panels[0].job_name // Get employees from game database const employees = await getJobEmployees(jobName) // Get job info for grades const jobInfo = await getJobByName(jobName) return NextResponse.json({ employees, jobInfo, }) } catch (error) { console.error('[Employees API] GET error:', error) return NextResponse.json({ error: 'Failed to fetch employees' }, { status: 500 }) } } // PUT - Update employee (promote/demote) export async function PUT( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params // Check access const access = await checkPanelAccess(id) if (!access?.canAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } // Check permission if (!hasPermission(access, 'manage_employees')) { return NextResponse.json({ error: 'Permission denied' }, { status: 403 }) } const body = await request.json() const { citizenId, citizenName, newGrade, oldGrade, action } = body if (!citizenId || newGrade === undefined) { return NextResponse.json({ error: 'Citizen ID and new grade are required' }, { status: 400 }) } // Get panel job name const panels = await queryJobPanelDb( 'SELECT job_name FROM job_panels WHERE id = ?', [id] ) if (panels.length === 0) { return NextResponse.json({ error: 'Panel not found' }, { status: 404 }) } const jobName = panels[0].job_name const jobInfo = await getJobByName(jobName) // Update grade in game database const success = await setEmployeeGrade(citizenId, jobName, newGrade) if (!success) { return NextResponse.json({ error: 'Failed to update grade' }, { status: 500 }) } // Get grade names const oldGradeName = jobInfo?.grades.find(g => g.grade === oldGrade)?.label || `Grade ${oldGrade}` const newGradeName = jobInfo?.grades.find(g => g.grade === newGrade)?.label || `Grade ${newGrade}` // Determine action type const actionType = newGrade > oldGrade ? 'PROMOTED' : 'DEMOTED' // Log and send webhook await logEmployeeChange( id, action || actionType, session.userId, session.discordId, citizenId, citizenName || citizenId, { oldRank: oldGradeName, newRank: newGradeName } ) // Log to admin logs await logJobPanelEmployee(actionType, { panelId: id, jobName, citizenId, citizenName: citizenName || citizenId, oldGrade: oldGradeName, newGrade: newGradeName, }) return NextResponse.json({ success: true }) } catch (error) { console.error('[Employees] PUT error:', error) return NextResponse.json({ error: 'Failed to update employee' }, { status: 500 }) } } // DELETE - Fire employee export async function DELETE( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params // Check access const access = await checkPanelAccess(id) if (!access?.canAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } // Check permission if (!hasPermission(access, 'manage_employees')) { return NextResponse.json({ error: 'Permission denied' }, { status: 403 }) } const { searchParams } = new URL(request.url) const citizenId = searchParams.get('citizenId') const citizenName = searchParams.get('citizenName') const reason = searchParams.get('reason') if (!citizenId) { return NextResponse.json({ error: 'Citizen ID is required' }, { status: 400 }) } // Fire employee (set to unemployed) const success = await fireEmployee(citizenId) if (!success) { return NextResponse.json({ error: 'Failed to fire employee' }, { status: 500 }) } // Log and send webhook await logEmployeeChange( id, 'FIRED', session.userId, session.discordId, citizenId, citizenName || citizenId, { reason: reason || undefined } ) // Log to admin logs await logJobPanelEmployee('EMPLOYEE_FIRED', { panelId: id, citizenId, citizenName: citizenName || citizenId, reason: reason || 'No reason provided', }) return NextResponse.json({ success: true }) } catch (error) { console.error('[Employees] DELETE error:', error) return NextResponse.json({ error: 'Failed to fire employee' }, { status: 500 }) } }