weeklyreport/backend/api/report/weekly/[id]/delete.delete.ts

import { query, execute } from '../../../../utils/db'
import { requireAuth } from '../../../../utils/session'

const ADMIN_EMAIL = 'coziny@gmail.com'

/**
 * 주간보고 삭제
 * DELETE /api/report/weekly/[id]/delete
 */
export default defineEventHandler(async (event) => {
  const userId = await requireAuth(event)
  
  const reportId = getRouterParam(event, 'id')
  if (!reportId) {
    throw createError({ statusCode: 400, message: '보고서 ID가 필요합니다.' })
  }
  
  // 현재 사용자 정보 조회
  const currentUser = await query<any>(`
    SELECT employee_email FROM wr_employee_info WHERE employee_id = $1
  `, [userId])
  const isAdmin = currentUser[0]?.employee_email === ADMIN_EMAIL
  
  // 보고서 정보 조회
  const report = await query<any>(`
    SELECT report_id, author_id FROM wr_weekly_report WHERE report_id = $1
  `, [reportId])
  
  if (!report[0]) {
    throw createError({ statusCode: 404, message: '보고서를 찾을 수 없습니다.' })
  }
  
  // 권한 체크: 본인 또는 관리자만 삭제 가능
  if (report[0].author_id !== userId && !isAdmin) {
    throw createError({ statusCode: 403, message: '삭제 권한이 없습니다.' })
  }
  
  // 프로젝트 실적 먼저 삭제
  await execute(`DELETE FROM wr_weekly_report_project WHERE report_id = $1`, [reportId])
  
  // 주간보고 삭제
  await execute(`DELETE FROM wr_weekly_report WHERE report_id = $1`, [reportId])
  
  return {
    success: true,
    message: '주간보고가 삭제되었습니다.'
  }
})