pelagia-portal/App/app/(portal)/admin/companies/actions.ts

"use server";

import { auth } from "@/auth";
import { db } from "@/lib/db";
import { hasPermission } from "@/lib/permissions";
import { z } from "zod";
import { revalidatePath } from "next/cache";

type ActionResult = { ok: true } | { error: string };

const companySchema = z.object({
  name:           z.string().min(1, "Company name is required"),
  code:           z.string().min(1, "Company code is required").max(10, "Code must be ≤ 10 characters").regex(/^[A-Z0-9]+$/i, "Code must be letters/numbers only").optional(),
  gstNumber:      z.string().optional(),
  address:        z.string().optional(),
  telephone:      z.string().optional(),
  mobile:         z.string().optional(),
  email:          z.string().email("Invalid email").optional().or(z.literal("")),
  invoiceEmail:   z.string().email("Invalid invoice email").optional().or(z.literal("")),
  invoiceAddress: z.string().optional(),
});

export async function createCompany(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }

  const parsed = companySchema.safeParse({
    name:           formData.get("name"),
    code:           (formData.get("code") as string) || undefined,
    gstNumber:      (formData.get("gstNumber") as string) || undefined,
    address:        (formData.get("address") as string) || undefined,
    telephone:      (formData.get("telephone") as string) || undefined,
    mobile:         (formData.get("mobile") as string) || undefined,
    email:          (formData.get("email") as string) || undefined,
    invoiceEmail:   (formData.get("invoiceEmail") as string) || undefined,
    invoiceAddress: (formData.get("invoiceAddress") as string) || undefined,
  });
  if (!parsed.success) return { error: parsed.error.errors[0]?.message ?? "Validation failed" };

  const { name, code, gstNumber, address, telephone, mobile, email, invoiceEmail, invoiceAddress } = parsed.data;
  if (code) {
    const conflict = await db.company.findFirst({ where: { code: { equals: code, mode: "insensitive" } } });
    if (conflict) return { error: `Code "${code.toUpperCase()}" is already used by another company.` };
  }
  await db.company.create({
    data: { name, code: code?.toUpperCase() ?? null, gstNumber: gstNumber ?? null, address: address ?? null, telephone: telephone ?? null, mobile: mobile ?? null, email: email || null, invoiceEmail: invoiceEmail || null, invoiceAddress: invoiceAddress ?? null },
  });
  revalidatePath("/admin/companies");
  return { ok: true };
}

export async function updateCompany(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }

  const id = formData.get("id") as string;
  if (!id) return { error: "Company ID is required" };

  const parsed = companySchema.safeParse({
    name:           formData.get("name"),
    code:           (formData.get("code") as string) || undefined,
    gstNumber:      (formData.get("gstNumber") as string) || undefined,
    address:        (formData.get("address") as string) || undefined,
    telephone:      (formData.get("telephone") as string) || undefined,
    mobile:         (formData.get("mobile") as string) || undefined,
    email:          (formData.get("email") as string) || undefined,
    invoiceEmail:   (formData.get("invoiceEmail") as string) || undefined,
    invoiceAddress: (formData.get("invoiceAddress") as string) || undefined,
  });
  if (!parsed.success) return { error: parsed.error.errors[0]?.message ?? "Validation failed" };

  const { name, code, gstNumber, address, telephone, mobile, email, invoiceEmail, invoiceAddress } = parsed.data;
  if (code) {
    const conflict = await db.company.findFirst({ where: { code: { equals: code, mode: "insensitive" }, id: { not: id } } });
    if (conflict) return { error: `Code "${code.toUpperCase()}" is already used by another company.` };
  }
  await db.company.update({
    where: { id },
    data: { name, code: code?.toUpperCase() ?? null, gstNumber: gstNumber ?? null, address: address ?? null, telephone: telephone ?? null, mobile: mobile ?? null, email: email || null, invoiceEmail: invoiceEmail || null, invoiceAddress: invoiceAddress ?? null },
  });
  revalidatePath("/admin/companies");
  return { ok: true };
}

export async function deleteCompany(id: string): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) return { error: "Unauthorized" };

  const inUse = await db.purchaseOrder.findFirst({ where: { companyId: id } });
  if (inUse) return { error: "Cannot delete: company is referenced in purchase orders." };

  await db.company.delete({ where: { id } });
  revalidatePath("/admin/companies");
  return { ok: true };
}

export async function toggleCompanyActive(id: string): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }
  const company = await db.company.findUnique({ where: { id }, select: { isActive: true } });
  if (!company) return { error: "Company not found" };
  await db.company.update({ where: { id }, data: { isActive: !company.isActive } });
  revalidatePath("/admin/companies");
  return { ok: true };
}