// app/api/branches/route.js
import { NextResponse } from "next/server";
import { listBranches } from "@/lib/storage";
import { getSession } from "@/lib/auth/session";
import { filterBranchesForSession } from "@/lib/auth/permissions";

/**
 * Builds a JSON error response of the shape `{ error: <message> }`.
 *
 * @param {string} message - Text placed in the `error` field of the body.
 * @param {number} status - HTTP status code of the response.
 * @returns {NextResponse} The JSON response.
 */
function errorResponse(message, status) {
  return NextResponse.json({ error: message }, { status });
}

/**
 * GET /api/branches
 *
 * Responds with `{ branches: [...] }`, the branch identifiers
 * (e.g. ["NL01", "NL02", ...]) taken from the directory names under
 * NAS_ROOT_PATH.
 *
 * RBAC:
 * - 401 when there is no session
 * - branch role: only its own branch is returned
 * - admin/dev: all branches are returned
 *
 * The role rules are applied by filterBranchesForSession, not in this file.
 * This handler only guarantees that the unfiltered list never reaches the
 * response directly.
 *
 * NOTE(review): the body depends on the caller's session. Confirm that this
 * route is rendered per request and is not served from a shared or static
 * cache.
 *
 * @returns {Promise<NextResponse>} 200 with the visible branches, 401 without
 *   a session, 500 if listing or filtering fails.
 */
export async function GET() {
  // Authentication runs before any storage access. getSession() sits outside
  // the try block, so an exception from it propagates to the framework.
  const session = await getSession();
  const isAuthenticated = Boolean(session);

  if (!isAuthenticated) {
    return errorResponse("Unauthorized", 401);
  }

  try {
    const allBranches = await listBranches();

    // Only the session-filtered list is serialized into the response.
    const permitted = filterBranchesForSession(session, allBranches);

    return NextResponse.json({ branches: permitted });
  } catch (err) {
    // Details go to the server log only; the client gets a generic message.
    console.error("[api/branches] Error reading branches:", err);
    return errorResponse("Fehler beim Lesen der Niederlassungen", 500);
  }
}