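import { NextRequest, NextResponse } from 'next/server';
import { query } from '@/lib/db';
import { getSession } from '@/lib/session';

/**
 * Parses the dynamic `[id]` path segment into a row ID.
 *
 * Only plain decimal digits are accepted. `Number()` followed by `isNaN()`
 * alone would let through '' (-> 0), '1.5', '1e3', '0x10' and 'Infinity',
 * which are not meaningful row IDs.
 * Assumes objekte.ID is a non-negative integer key; confirm against the schema.
 *
 * @returns the numeric ID, or `null` when the segment is not a safe integer.
 */
function parseId(raw: string): number | null {
  if (!/^\d+$/.test(raw)) return null;
  const value = Number(raw);
  return Number.isSafeInteger(value) ? value : null;
}

/**
 * Checks that the caller has a session carrying the admin role.
 *
 * @returns a 401/403 response to send back, or `null` when the caller may proceed.
 */
async function denyUnlessAdmin(): Promise<NextResponse | null> {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
  // NOTE(review): the type of `session.role` is not visible here. If it is a
  // string, includes('admin') is a substring match and would also accept any
  // role name that merely contains "admin"; an exact comparison (or an array
  // of roles) is safer. Confirm against getSession().
  if (!session.role?.includes('admin')) {
    return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 });
  }
  return null;
}

/**
 * Reads the JSON body and extracts a trimmed, non-empty `name`.
 *
 * Malformed JSON, a non-object body or a non-string `name` are client errors,
 * so they yield `null` instead of throwing into the database error path.
 *
 * @returns the trimmed name, or `null` when the body carries no usable name.
 */
async function readName(req: NextRequest): Promise<string | null> {
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return null;
  }
  if (typeof body !== 'object' || body === null) return null;
  const name = (body as { name?: unknown }).name;
  if (typeof name !== 'string') return null;
  const trimmed = name.trim();
  // NOTE(review): no upper length bound is enforced; consider capping to the
  // width of objekte.Name (column size not visible from this file).
  return trimmed === '' ? null : trimmed;
}

/**
 * PUT /api/objekte/[id]: renames one row of `objekte`. Admin only.
 *
 * Responds 401 without a session, 403 without the admin role, 400 for an
 * invalid ID or a missing/empty/non-string name, 500 when the query throws.
 */
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const denied = await denyUnlessAdmin();
  if (denied) return denied;

  try {
    const { id } = await params;
    const numId = parseId(id);
    if (numId === null) return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });

    const trimmed = await readName(req);
    if (!trimmed) return NextResponse.json({ error: 'Name darf nicht leer sein' }, { status: 400 });

    // Values are bound as parameters, never concatenated into the SQL text.
    // NOTE(review): the affected-row count is not checked, so an ID that does
    // not exist still yields a success response; return 404 if query() exposes it.
    await query('UPDATE objekte SET Name = ? WHERE ID = ?', [trimmed, numId]);
    return NextResponse.json({ ID: numId, Name: trimmed });
  } catch (error) {
    // Details stay in the server log; the client only sees a generic message.
    console.error('PUT /api/objekte/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}

/**
 * DELETE /api/objekte/[id]: deletes one row of `objekte`. Admin only.
 *
 * Responds 401 without a session, 403 without the admin role, 400 for an
 * invalid ID, 500 when the query throws.
 */
export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const denied = await denyUnlessAdmin();
  if (denied) return denied;

  try {
    const { id } = await params;
    const numId = parseId(id);
    if (numId === null) return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });

    // NOTE(review): as in PUT, a non-existent ID is reported as success
    // because the affected-row count is not inspected.
    await query('DELETE FROM objekte WHERE ID = ?', [numId]);
    return NextResponse.json({ ok: true });
  } catch (error) {
    // Details stay in the server log; the client only sees a generic message.
    console.error('DELETE /api/objekte/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}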