espace-paie-odentas/app/api/staff/naa/[id]/route.ts

import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
import { cookies } from "next/headers";
import { NextRequest, NextResponse } from "next/server";

export const dynamic = "force-dynamic";

// GET - Récupérer les détails d'une NAA avec toutes ses données
export async function GET(
  request: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    const cookieStore = cookies();
    const supabase = createRouteHandlerClient({ cookies: () => cookieStore });

    // Vérifier l'authentification staff
    const { data: { user } } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
    }

    const { data: staffUser } = await supabase
      .from("staff_users")
      .select("user_id")
      .eq("user_id", user.id)
      .single();

    if (!staffUser) {
      return NextResponse.json({ error: "Accès non autorisé" }, { status: 403 });
    }

    // Récupérer le document NAA
    const { data: naaDoc, error: naaError } = await supabase
      .from("naa_documents")
      .select("*")
      .eq("id", params.id)
      .single();

    if (naaError || !naaDoc) {
      return NextResponse.json({ error: "NAA non trouvée" }, { status: 404 });
    }

    // Récupérer les prestations
    const { data: prestations, error: prestationsError } = await supabase
      .from("naa_prestations")
      .select("*")
      .eq("naa_id", params.id)
      .order("created_at");

    if (prestationsError) {
      console.error("Error fetching prestations:", prestationsError);
    }

    return NextResponse.json({
      ...naaDoc,
      prestations: prestations || []
    });

  } catch (error: any) {
    console.error("Error GET /api/staff/naa/[id]:", error);
    return NextResponse.json(
      { error: error.message || "Erreur serveur" },
      { status: 500 }
    );
  }
}

// DELETE - Supprimer une NAA
export async function DELETE(
  request: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    const cookieStore = cookies();
    const supabase = createRouteHandlerClient({ cookies: () => cookieStore });

    // Vérifier l'authentification staff
    const { data: { user } } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
    }

    const { data: staffUser } = await supabase
      .from("staff_users")
      .select("user_id")
      .eq("user_id", user.id)
      .single();

    if (!staffUser) {
      return NextResponse.json({ error: "Accès non autorisé" }, { status: 403 });
    }

    // Supprimer le document NAA (les prestations et line items seront supprimés en cascade)
    const { error } = await supabase
      .from("naa_documents")
      .delete()
      .eq("id", params.id);

    if (error) {
      console.error("Error deleting NAA:", error);
      return NextResponse.json({ error: error.message }, { status: 500 });
    }

    return NextResponse.json({ success: true });

  } catch (error: any) {
    console.error("Error DELETE /api/staff/naa/[id]:", error);
    return NextResponse.json(
      { error: error.message || "Erreur serveur" },
      { status: 500 }
    );
  }
}