pelagia-portal/App/app/(portal)/admin/vessels/actions.ts

"use server";

import { auth } from "@/auth";
import { db } from "@/lib/db";
import { hasPermission } from "@/lib/permissions";
import { z } from "zod";
import { revalidatePath } from "next/cache";
import { nextId } from "@/lib/id-generators";

type ActionResult = { ok: true } | { error: string };

const vesselSchema = z.object({
  name: z.string().min(1, "Vessel name is required"),
  code: z.string().optional(),
  siteId: z.string().optional(),
});

export async function createVessel(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }

  const parsed = vesselSchema.safeParse({
    name: formData.get("name"),
    code: (formData.get("code") as string).trim() || undefined,
    siteId: (formData.get("siteId") as string) || undefined,
  });
  if (!parsed.success) return { error: parsed.error.errors[0]?.message ?? "Validation failed" };

  const existingCodes = await db.vessel.findMany({ select: { code: true } });

  let code: string;
  if (parsed.data.code) {
    // User supplied a custom code — validate uniqueness
    const conflict = await db.vessel.findUnique({ where: { code: parsed.data.code } });
    if (conflict) return { error: `Code "${parsed.data.code}" is already in use by another vessel.` };
    code = parsed.data.code;
  } else {
    // Auto-generate next available code
    code = nextId("SITE", existingCodes.map((v) => v.code));
  }

  await db.vessel.create({ data: { name: parsed.data.name, code, siteId: parsed.data.siteId ?? null } });
  revalidatePath("/admin/vessels");
  return { ok: true };
}

export async function updateVessel(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }

  const id = formData.get("id") as string;
  if (!id) return { error: "Vessel ID is required" };

  const parsed = vesselSchema.safeParse({
    name: formData.get("name"),
    siteId: (formData.get("siteId") as string) || undefined,
  });
  if (!parsed.success) return { error: parsed.error.errors[0]?.message ?? "Validation failed" };

  await db.vessel.update({ where: { id }, data: { name: parsed.data.name, siteId: parsed.data.siteId ?? null } });
  revalidatePath("/admin/vessels");
  return { ok: true };
}

export async function deleteVessel(id: string): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) return { error: "Unauthorized" };

  const inUse = await db.purchaseOrder.findFirst({ where: { vesselId: id } });
  if (inUse) return { error: "Cannot delete: vessel is referenced in purchase orders. Remove those POs first." };

  await db.vessel.delete({ where: { id } });
  revalidatePath("/admin/vessels");
  return { ok: true };
}

export async function toggleVesselActive(vesselId: string): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user || !hasPermission(session.user.role, "manage_vessels_accounts")) {
    return { error: "Unauthorized" };
  }

  const vessel = await db.vessel.findUnique({ where: { id: vesselId }, select: { isActive: true } });
  if (!vessel) return { error: "Vessel not found" };

  await db.vessel.update({ where: { id: vesselId }, data: { isActive: !vessel.isActive } });
  revalidatePath("/admin/vessels");
  return { ok: true };
}