import { NextResponse } from 'next/server' import { prisma } from '@/lib/db' import { getSession } from '@/lib/auth' export async function GET(request: Request) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const url = new URL(request.url) const search = url.searchParams.get('search') || '' const status = url.searchParams.get('status') || '' const where: Record = {} if (search) { where.OR = [ { title: { contains: search, mode: 'insensitive' } }, { description: { contains: search, mode: 'insensitive' } } ] } if (status) { where.status = status } // Non-admins can only see their own reports const isAdmin = session.role === 'ADMIN' || session.role === 'OWNER' || session.role === 'MODERATOR' if (!isAdmin) { where.reporterId = session.userId } const reports = await prisma.report.findMany({ where, orderBy: [ { status: 'asc' }, { priority: 'desc' }, { createdAt: 'desc' } ], include: { reporter: { select: { username: true } }, assignee: { select: { username: true } }, _count: { select: { responses: true } } }, take: 50 }) return NextResponse.json(reports) } catch (error) { console.error('Failed to fetch reports:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } } export async function POST(request: Request) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { title, description, priority } = await request.json() if (!title || !description) { return NextResponse.json({ error: 'Title and description required' }, { status: 400 }) } const report = await prisma.report.create({ data: { title, description, priority: priority || 'MEDIUM', status: 'OPEN', reporterId: session.userId } }) return NextResponse.json(report) } catch (error) { console.error('Failed to create report:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } }