import { NextRequest, NextResponse } from 'next/server';
import { getSession } from '@/lib/session';
import * as phpdb from '@/lib/phpdb';

export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
  if (!session.role?.includes('admin')) return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 });
  try {
    const { id } = await params;
    const numId = Number(id);
    if (isNaN(numId)) return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });
    const { name } = await req.json();
    const trimmed = (name as string)?.trim();
    if (!trimmed) return NextResponse.json({ error: 'Name darf nicht leer sein' }, { status: 400 });
    const result = await phpdb.updateObjekt(numId, trimmed);
    return NextResponse.json(result);
  } catch (error) {
    console.error('PUT /api/objekte/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}

export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
  if (!session.role?.includes('admin')) return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 });
  try {
    const { id } = await params;
    const numId = Number(id);
    if (isNaN(numId)) return NextResponse.json({ error: 'Ungültige ID' }, { status: 400 });
    await phpdb.deleteObjekt(numId);
    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error('DELETE /api/objekte/[id]:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}