use actix_web::{post, web::Data, HttpRequest, HttpResponse};
use serde::Deserialize;

use crate::{
    ctx::Ctx, db::models::Ban, error::NekrochanError, qsform::QsForm, web::tcx::account_from_auth,
};

#[derive(Deserialize)]
pub struct RemoveBansForm {
    #[serde(default)]
    bans: Vec<i32>,
}

#[post("/staff/actions/remove-bans")]
pub async fn remove_bans(
    ctx: Data<Ctx>,
    req: HttpRequest,
    QsForm(form): QsForm<RemoveBansForm>,
) -> Result<HttpResponse, NekrochanError> {
    let account = account_from_auth(&ctx, &req).await?;

    if !(account.perms().owner() || account.perms().bans()) {
        return Err(NekrochanError::InsufficientPermissionError);
    }

    for ban in form.bans {
        if let Some(ban) = Ban::read_by_id(&ctx, ban).await? {
            ban.delete(&ctx).await?;
        }
    }

    let res = HttpResponse::SeeOther()
        .append_header(("Location", "/staff/bans"))
        .finish();

    Ok(res)
}