/*
	SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
	SPDX-License-Identifier: AGPL-3.0-or-later
*/
import { readUsers } from "~/server/database"

export default defineEventHandler(async (event) => {
	const session = await requireServerSession(event);
	const users = await readUsers();

	if (session.account.type === "admin") {
		return users.map(serverUserToApi);
	}
	if (session.account.type === "crew") {
		return users.filter(u => u.type === "crew" || u.type === "admin").map(serverUserToApi);
	}
	throw createError({
		status: 403,
		statusText: "Forbidden",
		message: "You do not have permission to list users",
	});
})