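import { queryOne } from '../../../utils/db'
import { requireAdmin } from '../../../utils/session'

/**
 * Create a role.
 * POST /api/admin/role/create
 *
 * Request body (JSON): `roleCode` and `roleName` are required non-blank strings;
 * `roleDescription` (string), `isInternalIpOnly` (boolean) and `sortOrder`
 * (number) are optional and default to null / false / 0.
 *
 * @returns `{ success: true, role }` where `role` is the row returned by the INSERT.
 * @throws 400 when a required field is missing or blank, when a supplied field
 *   has the wrong type, or when the role code already exists.
 */
export default defineEventHandler(async (event) => {
  // Authorization gate: runs before the body is read or the database is touched.
  // NOTE(review): presumably throws for non-admin sessions; confirm in utils/session.
  await requireAdmin(event)

  // A type argument on readBody is erased at compile time and validates nothing,
  // so the payload is treated as unknown and checked field by field. A request
  // without a body is handled as an empty object instead of raising a TypeError.
  const raw: unknown = await readBody(event)
  const body = (raw !== null && typeof raw === 'object' ? raw : {}) as {
    roleCode?: unknown
    roleName?: unknown
    roleDescription?: unknown
    isInternalIpOnly?: unknown
    sortOrder?: unknown
  }
  const { roleCode, roleName, roleDescription, isInternalIpOnly, sortOrder } = body

  if (
    typeof roleCode !== 'string' ||
    typeof roleName !== 'string' ||
    roleCode.trim() === '' ||
    roleName.trim() === ''
  ) {
    throw createError({
      statusCode: 400,
      message: '권한코드와 권한명은 필수입니다.'
    })
  }

  // Optional fields may be omitted or null. Anything else must match its declared
  // type, so that objects, arrays or arbitrary strings never reach the driver.
  // is_internal_ip_only restricts where a role may be used, so it is never coerced.
  const descriptionInvalid = roleDescription != null && typeof roleDescription !== 'string'
  const internalOnlyInvalid = isInternalIpOnly != null && typeof isInternalIpOnly !== 'boolean'
  const sortOrderInvalid =
    sortOrder != null && (typeof sortOrder !== 'number' || !Number.isFinite(sortOrder))
  if (descriptionInvalid || internalOnlyInvalid || sortOrderInvalid) {
    throw createError({
      statusCode: 400,
      message: '요청 값의 형식이 올바르지 않습니다.'
    })
  }

  // Reject a role code that is already in use.
  // NOTE(review): this SELECT-then-INSERT is not atomic; two concurrent requests
  // can both pass the check. Uniqueness is only guaranteed if wr_role.role_code
  // carries a UNIQUE constraint. Confirm in the schema.
  const existing = await queryOne(`
    SELECT role_id FROM wr_role WHERE role_code = $1
  `, [roleCode])

  if (existing) {
    throw createError({
      statusCode: 400,
      message: '이미 존재하는 권한코드입니다.'
    })
  }

  // Same defaults as before: an empty description is stored as NULL, the
  // internal-IP restriction is off unless explicitly true, sort order is 0.
  const description = typeof roleDescription === 'string' && roleDescription !== '' ? roleDescription : null
  const internalOnly = isInternalIpOnly === true
  const order = typeof sortOrder === 'number' ? sortOrder : 0

  // Values are bound as parameters ($1..$5) and never interpolated into the SQL text.
  // NOTE(review): RETURNING * sends every wr_role column back to the client, and this
  // handler writes no audit record for the new role; confirm both are intended.
  const role = await queryOne(`
    INSERT INTO wr_role (role_code, role_name, role_description, is_internal_ip_only, sort_order)
    VALUES ($1, $2, $3, $4, $5)
    RETURNING *
  `, [
    roleCode,
    roleName,
    description,
    internalOnly,
    order
  ])

  return { success: true, role }
})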