import { NextRequest, NextResponse } from 'next/server'; import { z } from 'zod'; import { auditDelete, auditUpdate } from '@/features/foundation/audit-log/service'; import { getDocumentTemplate, softDeleteDocumentTemplate, updateDocumentTemplate, } from '@/features/foundation/document-template/server/service'; import { PERMISSIONS } from '@/lib/auth/rbac'; import { AuthError, requireOrganizationAccess } from '@/lib/auth/session'; type Params = { params: Promise<{ id: string }>; }; const documentTemplateSchema = z.object({ documentType: z.string().min(1).optional(), productType: z.string().min(1).optional(), fileType: z.string().min(1).optional(), templateName: z.string().min(1).optional(), description: z.string().optional().nullable(), isDefault: z.boolean().optional(), isActive: z.boolean().optional(), }); export async function GET(_request: NextRequest, { params }: Params) { try { const { id } = await params; const { organization } = await requireOrganizationAccess({ permission: PERMISSIONS.crmDocumentTemplateRead, }); const template = await getDocumentTemplate(id, organization.id); return NextResponse.json({ success: true, time: new Date().toISOString(), message: 'Document template loaded successfully', template, }); } catch (error) { if (error instanceof AuthError) { return NextResponse.json({ message: error.message }, { status: error.status }); } if (error instanceof Error) { return NextResponse.json({ message: error.message }, { status: 400 }); } return NextResponse.json( { message: 'Unable load document template' }, { status: 500 }, ); } } export async function PATCH(request: NextRequest, { params }: Params) { try { const { id } = await params; const { organization, session } = await requireOrganizationAccess({ permission: PERMISSIONS.crmDocumentTemplateUpdate, }); const payload = documentTemplateSchema.parse(await request.json()); const before = await getDocumentTemplate(id, organization.id); const updated = await updateDocumentTemplate( id, organization.id, session.user.id, payload, ); await auditUpdate({ organizationId: organization.id, userId: session.user.id, entityType: 'crm_document_template', entityId: id, beforeData: before, afterData: updated, }); return NextResponse.json({ success: true, message: 'Document template updated successfully', }); } catch (error) { if (error instanceof AuthError) { return NextResponse.json({ message: error.message }, { status: error.status }); } if (error instanceof z.ZodError) { return NextResponse.json({ message: error.flatten() }, { status: 400 }); } if (error instanceof Error) { return NextResponse.json({ message: error.message }, { status: 400 }); } return NextResponse.json( { message: 'Unable update document template' }, { status: 500 }, ); } } export async function DELETE(_request: NextRequest, { params }: Params) { try { const { id } = await params; const { organization, session } = await requireOrganizationAccess({ permission: PERMISSIONS.crmDocumentTemplateDelete, }); const before = await getDocumentTemplate(id, organization.id); const updated = await softDeleteDocumentTemplate( id, organization.id, session.user.id, ); await auditDelete({ organizationId: organization.id, userId: session.user.id, entityType: 'crm_document_template', entityId: id, beforeData: before, afterData: updated, }); return NextResponse.json({ success: true, message: 'Document template deleted successfully', }); } catch (error) { if (error instanceof AuthError) { return NextResponse.json({ message: error.message }, { status: error.status }); } if (error instanceof Error) { return NextResponse.json({ message: error.message }, { status: 400 }); } return NextResponse.json( { message: 'Unable delete document template' }, { status: 500 }, ); } }