vfxreview/app/api/clients/route.ts

import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { db } from "@/lib/db";

export async function GET(req: NextRequest) {
  const session = await auth();
  if (!session?.user) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const clients = await db.client.findMany({
    select: {
      id: true,
      company: true,
      contactPerson: true,
      email: true,
      isActive: true,
      _count: { select: { projects: true } },
    },
    orderBy: { company: "asc" },
  });

  return NextResponse.json({ clients });
}

export async function POST(req: NextRequest) {
  const session = await auth();
  if (!session?.user) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }
  if (!["ADMIN", "PRODUCER"].includes(session.user.role as string)) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const body = await req.json();
  const { company, contactPerson, email, phone, notes } = body;

  if (!company || !contactPerson || !email) {
    return NextResponse.json({ error: "company, contactPerson and email are required" }, { status: 400 });
  }

  const client = await db.client.create({
    data: { company, contactPerson, email, phone, notes },
  });

  return NextResponse.json({ client }, { status: 201 });
}