// FILE: src/routes/maps.js
// Maps routes
// - Manage relationships between RFAs and Drawings, Correspondences and Documents
// - Requires appropriate permissions via requirePerm middleware
// - Uses project scope for RFA-Drawing maps and Correspondence-Document maps
// - rfa:update for RFA-Drawing maps
// - correspondence:update for Correspondence-Document maps

import { Router } from "express";
import sql from "../db/index.js";
import { requirePerm } from "../middleware/requirePerm.js";
import { buildScopeWhere, ownerResolvers } from "../utils/scope.js";
import PERM from "../config/permissions.js";

const r = Router();
const OWN = ownerResolvers(sql, "entity_maps", "id");

// LIST
r.get(
  "/",
  requirePerm(PERM.map.read, { scope: "global" }),
  async (req, res) => {
    const {
      project_id,
      org_id,
      module,
      src_type,
      dst_type,
      limit = 100,
      offset = 0,
    } = req.query;

    const base = buildScopeWhere(req.principal, {
      tableAlias: "m",
      orgColumn: "m.org_id",
      projectColumn: "m.project_id",
      permCode: PERM.map.read,
      preferProject: true,
    });

    const extra = [];
    const params = {
      ...base.params,
      limit: Number(limit),
      offset: Number(offset),
    };
    if (project_id) {
      extra.push("m.project_id = :project_id");
      params.project_id = Number(project_id);
    }
    if (org_id) {
      extra.push("m.org_id = :org_id");
      params.org_id = Number(org_id);
    }
    if (module) {
      extra.push("m.module = :module");
      params.module = module;
    }
    if (src_type) {
      extra.push("m.src_type = :src_type");
      params.src_type = src_type;
    }
    if (dst_type) {
      extra.push("m.dst_type = :dst_type");
      params.dst_type = dst_type;
    }

    const where = [base.where, ...extra].filter(Boolean).join(" AND ");
    const [rows] = await sql.query(
      `SELECT m.* FROM entity_maps m
       WHERE ${where}
       ORDER BY m.id DESC LIMIT :limit OFFSET :offset`,
      params
    );
    res.json(rows);
  }
);

// CREATE
r.post(
  "/",
  requirePerm(PERM.map.create, {
    scope: "org",
    getOrgId: async (req) => req.body?.org_id ?? null,
  }),
  async (req, res) => {
    const {
      org_id,
      project_id,
      module,
      src_type,
      src_id,
      dst_type,
      dst_id,
      remark,
    } = req.body;
    const [rs] = await sql.query(
      `INSERT INTO entity_maps (org_id, project_id, module, src_type, src_id, dst_type, dst_id, remark, created_by)
       VALUES (?,?,?,?,?,?,?,?,?)`,
      [
        org_id,
        project_id,
        module,
        src_type,
        Number(src_id),
        dst_type,
        Number(dst_id),
        remark ?? null,
        req.principal.userId,
      ]
    );
    res.json({ id: rs.insertId });
  }
);

// DELETE (by id)
r.delete(
  "/:id",
  requirePerm(PERM.map.delete, { scope: "org", getOrgId: OWN.getOrgIdById }),
  async (req, res) => {
    const id = Number(req.params.id);
    await sql.query("DELETE FROM entity_maps WHERE id=?", [id]);
    res.json({ ok: 1 });
  }
);

export default r;