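import { queryOne, execute } from '../../../../utils/db'
import { requireAdmin } from '../../../../utils/session'

/**
 * Toggle a role's access to a menu.
 * POST /api/admin/menu/[id]/toggle-role
 *
 * Request body: `{ roleId, enabled }`. A truthy `enabled` inserts the
 * (menu_id, role_id) row into wr_menu_role; a falsy one deletes it.
 *
 * @param event - request event passed in by defineEventHandler
 * @returns {Promise<{ success: boolean }>} `{ success: true }` once the statement has run
 * @throws 400 when roleId is missing, 404 when the menu does not exist
 */
export default defineEventHandler(async (event) => {
  // The admin check is awaited before the body is read or the database is touched.
  // NOTE(review): presumably rejects non-admin sessions by throwing; confirm in utils/session.
  await requireAdmin(event)

  const menuId = getRouterParam(event, 'id')

  // readBody may resolve to undefined/null when the request carries no usable
  // payload; fall back to {} so such a request gets the 400 below instead of
  // a TypeError from destructuring (which would surface as a 500).
  const body = (await readBody(event)) ?? {}
  const { roleId, enabled } = body

  if (!roleId) {
    throw createError({ statusCode: 400, message: '권한 ID가 필요합니다.' })
  }

  // Verify the menu exists before changing its role mapping.
  // menuId is bound as a query parameter, never concatenated into the SQL text.
  const menu = await queryOne(` SELECT menu_id FROM wr_menu WHERE menu_id = $1 `, [menuId])

  if (!menu) {
    throw createError({ statusCode: 404, message: '메뉴를 찾을 수 없습니다.' })
  }

  // NOTE(review): `enabled` is tested for truthiness, so a non-boolean value
  // such as the string 'false' takes the grant branch. Consider requiring a
  // real boolean so an ambiguous value cannot add a permission.
  if (enabled) {
    // Grant: ON CONFLICT ... DO NOTHING makes a repeated grant a no-op.
    await execute(` INSERT INTO wr_menu_role (menu_id, role_id) VALUES ($1, $2) ON CONFLICT (menu_id, role_id) DO NOTHING `, [menuId, roleId])
  } else {
    // Revoke: deleting a row that is not there affects nothing.
    await execute(` DELETE FROM wr_menu_role WHERE menu_id = $1 AND role_id = $2 `, [menuId, roleId])
  }

  return { success: true }
})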