qms/pages/api/escapes/index.ts

import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction, generateRef, SHIPMENT_SEND_ROLES } from '@/lib/auth'
import { EscapeStatus } from '@/types'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res)
  if (!user) return

  if (req.method === 'GET') {
    const { status } = req.query
    const where: any = {}
    if (status) where.status = status as EscapeStatus

    const escapes = await prisma.qualityEscape.findMany({
      where,
      include: { shipment: true, capa: { select: { ref: true } } },
      orderBy: { createdAt: 'desc' },
    })
    return res.json({ data: escapes })
  }

  if (req.method === 'POST') {
    // Report access: Production leads, Logistics lead, Admin
    const gated = await requireAuth(req, res, SHIPMENT_SEND_ROLES)
    if (!gated) return

    const { shipmentId, description, contact } = req.body
    if (!shipmentId || !description) return res.status(400).json({ error: 'shipmentId and description required' })

    const shipment = await prisma.shipment.findUnique({ where: { id: shipmentId } })
    if (!shipment) return res.status(404).json({ error: 'Shipment not found' })

    const count = await prisma.qualityEscape.count()
    const ref = generateRef('ESC', count)

    const escape = await prisma.qualityEscape.create({
      data: { ref, shipmentId, description, contact },
      include: { shipment: true },
    })

    await logAction(user.id, 'CREATE', 'QualityEscape', escape.id, null, { ref, shipmentRef: shipment.ref })
    return res.status(201).json({ data: escape })
  }

  res.status(405).end()
}