import { requireRole } from '../../../utils/auth'
import { assertBadRequest } from '../../../utils/http'
import { listUsers, reorderUsers } from '../../../utils/user-repository'
import { parseUserOrderInput } from '../../../utils/users'

export default defineEventHandler(async (event) => {
  await requireRole(event, 'super_admin')

  const body = await readBody<{
    userIds?: unknown
  }>(event)
  const { userIds } = parseUserOrderInput(body)
  const users = await listUsers()
  const existingIds = new Set(users.map((user) => user.id))

  assertBadRequest(userIds.length === users.length, 'User order must include every user')
  assertBadRequest(userIds.every((userId) => existingIds.has(userId)), 'User order contains an unknown user')

  await reorderUsers(userIds)

  return {
    users: await listUsers()
  }
})