import { readUsers, type ServerUser } from "~/server/database"
import type { ApiUser } from "~/shared/types/api";

function serverUserToApi(user: ServerUser): ApiUser {
	if (user.deleted) {
		return {
			id: user.id,
			updatedAt: user.updatedAt,
			deleted: true,
		}
	}
	return {
		id: user.id,
		updatedAt: user.updatedAt,
		type: user.type,
		name: user.name,
	}
}

export default defineEventHandler(async (event) => {
	const session = await requireServerSession(event);
	const users = await readUsers();

	if (session.account.type === "admin") {
		return users.map(serverUserToApi);
	}
	if (session.account.type === "crew") {
		return users.filter(u => u.type === "crew" || u.type === "admin").map(serverUserToApi);
	}
	throw createError({
		status: 403,
		statusText: "Forbidden",
		message: "You do not have permission to list users",
	});
})