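import { queryOne, execute } from '../../../../utils/db'
import { requireAdmin } from '../../../../utils/session'

/**
 * Toggle a single role on a user (grant it if absent, revoke it if present).
 * POST /api/admin/user/[id]/toggle-role
 *
 * Body: { roleId: number }
 *
 * Admin-only: `requireAdmin` runs before any request data is read.
 * The path parameter and the body value are untrusted; both are validated
 * into positive integers before they reach the (parameterised) queries, so
 * malformed input produces a 400 instead of a database error surfacing as 500.
 *
 * @returns `{ success, employeeId, roleId, roleCode, added }` — `added` is
 *   true when the role was granted and false when it was revoked.
 * @throws 400 when the user id or roleId is missing or not a positive integer;
 *   404 when the user or the role does not exist.
 */
export default defineEventHandler(async (event) => {
  await requireAdmin(event)

  // Route params arrive as strings; accept only unsigned decimal digits so the
  // numeric conversion cannot yield NaN and the DB never sees a non-numeric id.
  const rawEmployeeId = getRouterParam(event, 'id')
  if (!rawEmployeeId || !/^\d+$/.test(rawEmployeeId)) {
    throw createError({ statusCode: 400, message: '사용자 ID가 필요합니다.' })
  }
  const employeeId = parseInt(rawEmployeeId, 10)

  // readBody() can resolve to null/undefined when the request carries no body;
  // guard before dereferencing so a missing body is a 400, not a TypeError.
  // A numeric string is still accepted (clients may send "5"), but booleans,
  // objects, 0 and negatives are rejected.
  const body = await readBody<{ roleId?: unknown } | null | undefined>(event)
  const rawRoleId = body?.roleId
  const roleId =
    typeof rawRoleId === 'number' || typeof rawRoleId === 'string'
      ? Number(rawRoleId)
      : NaN
  if (!Number.isInteger(roleId) || roleId <= 0) {
    throw createError({ statusCode: 400, message: '권한 ID가 필요합니다.' })
  }

  // Confirm the target user exists.
  const user = await queryOne(
    `SELECT employee_id FROM wr_employee_info WHERE employee_id = $1`,
    [employeeId]
  )
  if (!user) {
    throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
  }

  // Confirm the role exists; role_code is echoed back to the caller.
  const role = await queryOne(
    `SELECT role_id, role_code FROM wr_role WHERE role_id = $1`,
    [roleId]
  )
  if (!role) {
    throw createError({ statusCode: 404, message: '권한을 찾을 수 없습니다.' })
  }

  // Does the user currently hold this role?
  // NOTE(review): this check-then-act is not atomic. Two concurrent toggles for
  // the same (employee, role) pair can both observe "absent" and both insert;
  // whether that leaves a duplicate row depends on a unique constraint on
  // wr_employee_role(employee_id, role_id) — confirm one exists in the schema.
  const existing = await queryOne(
    `SELECT employee_role_id FROM wr_employee_role WHERE employee_id = $1 AND role_id = $2`,
    [employeeId, roleId]
  )

  let added: boolean
  if (existing) {
    // Revoke the role.
    await execute(
      `DELETE FROM wr_employee_role WHERE employee_id = $1 AND role_id = $2`,
      [employeeId, roleId]
    )
    added = false
  } else {
    // Grant the role.
    await execute(
      `INSERT INTO wr_employee_role (employee_id, role_id) VALUES ($1, $2)`,
      [employeeId, roleId]
    )
    added = true
  }

  // NOTE(review): an admin changing another user's privileges is an event worth
  // an audit record (actor, target, role, direction, time); nothing on this
  // path records one — verify whether a shared audit helper exists.
  return {
    success: true,
    employeeId,
    roleId,
    roleCode: role.role_code,
    added
  }
})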