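import { query, queryOne, execute } from '../../../../utils/db'
import { requireAdmin } from '../../../../utils/session'

/**
 * Replace a user's role assignments.
 * PUT /api/admin/user/[id]/roles
 *
 * Body: { roleIds: number[] } — a missing or empty list removes every role.
 *
 * Requires an admin session (requireAdmin). The role set is replaced, not
 * merged: every existing wr_employee_role row for the user is deleted, then
 * one row per requested role is inserted, and the stored set is read back.
 *
 * @throws 400 when the id route param is missing or not a decimal integer,
 *             or when roleIds is present but not an array of integers
 * @throws 404 when no wr_employee_info row matches the id
 * @returns { success, employeeId, roles } with roles read from the database
 *          after the update rather than echoed from the request
 */
export default defineEventHandler(async (event) => {
  await requireAdmin(event)

  const employeeId = getRouterParam(event, 'id')
  if (!employeeId) {
    throw createError({ statusCode: 400, message: '사용자 ID가 필요합니다.' })
  }
  // The id is echoed back through parseInt below, so it is treated as an
  // integer key; anything that is not a plain decimal integer is rejected
  // before it reaches the database.
  if (!/^\d+$/.test(employeeId)) {
    throw createError({ statusCode: 400, message: '유효하지 않은 사용자 ID입니다.' })
  }

  // roleIds is caller-supplied; validate the whole list before any write.
  // The DELETE below is not wrapped in a transaction, so a malformed id that
  // only failed mid-loop would leave the user with a partial or empty role set.
  const isIntegerList = (value: unknown): value is number[] =>
    Array.isArray(value) && value.every((id) => Number.isInteger(id))

  const body = await readBody<{ roleIds?: unknown } | null>(event)
  const requestedRoleIds = body?.roleIds ?? []
  if (!isIntegerList(requestedRoleIds)) {
    throw createError({ statusCode: 400, message: 'roleIds는 정수 배열이어야 합니다.' })
  }
  // Duplicates are harmless (ON CONFLICT DO NOTHING) but cost a round trip each.
  const roleIds = [...new Set(requestedRoleIds)]

  // Confirm the user exists before mutating anything
  const user = await queryOne(`
    SELECT employee_id, employee_email
    FROM wr_employee_info
    WHERE employee_id = $1
  `, [employeeId])
  if (!user) {
    throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
  }

  // Replace the role set: drop every existing assignment, then re-insert.
  // NOTE(review): the delete and the inserts run as separate statements with
  // no transaction around them (the db helpers imported here expose none),
  // so a failure between them — e.g. a role_id that violates a constraint —
  // leaves the user with fewer roles than requested. Confirm whether the db
  // layer offers a transaction wrapper and use it here if so.
  await execute(`DELETE FROM wr_employee_role WHERE employee_id = $1`, [employeeId])

  for (const roleId of roleIds) {
    await execute(`
      INSERT INTO wr_employee_role (employee_id, role_id)
      VALUES ($1, $2)
      ON CONFLICT (employee_id, role_id) DO NOTHING
    `, [employeeId, roleId])
  }

  // Return what is actually stored, not the request payload
  const updatedRoles = await query(`
    SELECT r.role_id, r.role_code, r.role_name
    FROM wr_employee_role er
    JOIN wr_role r ON er.role_id = r.role_id
    WHERE er.employee_id = $1
  `, [employeeId])

  return {
    success: true,
    employeeId: parseInt(employeeId, 10),
    roles: updatedRoles
  }
})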