use actix_web::{post, web::Data, HttpRequest, HttpResponse};
use serde::Deserialize;

use crate::{
    ctx::Ctx, db::models::Account, error::NekrochanError, qsform::QsForm,
    web::tcx::account_from_auth,
};

#[derive(Deserialize)]
pub struct RemoveAccountsForm {
    #[serde(default)]
    accounts: Vec<String>,
}

#[post("/staff/actions/remove-accounts")]
pub async fn remove_accounts(
    ctx: Data<Ctx>,
    req: HttpRequest,
    QsForm(form): QsForm<RemoveAccountsForm>,
) -> Result<HttpResponse, NekrochanError> {
    let account = account_from_auth(&ctx, &req).await?;

    if !account.perms().owner() {
        return Err(NekrochanError::InsufficientPermissionError);
    }

    for account in form.accounts {
        if let Some(account) = Account::read(&ctx, account).await? {
            if account.owner {
                return Err(NekrochanError::OwnerDeletionError);
            }

            account.delete(&ctx).await?;
        }
    }

    let res = HttpResponse::SeeOther()
        .append_header(("Location", "/staff/accounts"))
        .finish();

    Ok(res)
}