qms/pages/api/ncrs/[id]/escalate.ts

import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction, generateRef } from '@/lib/auth'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res, ['ADMIN', 'QC'])
  if (!user) return
  if (req.method !== 'POST') return res.status(405).end()

  const { id } = req.query as { id: string }
  const { title, priority, ownerId, dueDate } = req.body

  if (!title || !ownerId || !dueDate) {
    return res.status(400).json({ error: 'title, ownerId, dueDate required' })
  }

  const ncr = await prisma.nCR.findUnique({ where: { id } })
  if (!ncr) return res.status(404).json({ error: 'NCR not found' })

  const count = await prisma.cAPA.count()
  const ref = generateRef('CAPA', count)

  const capa = await prisma.cAPA.create({
    data: {
      ref, title,
      description: `Escalated from ${ncr.ref}: ${ncr.description}`,
      priority: priority || 'MEDIUM',
      ownerId, raisedById: user.id,
      dueDate: new Date(dueDate),
    },
    include: { owner: { select: { id: true, name: true, email: true } } },
  })

  await prisma.cAPAEvent.create({
    data: { capaId: capa.id, event: 'CAPA raised', note: `Escalated from ${ncr.ref} by ${user.name}` }
  })

  const updatedNcr = await prisma.nCR.update({
    where: { id },
    data: { status: 'ESCALATED', capaId: capa.id },
    include: { raisedBy: { select: { name: true } }, capa: { select: { ref: true } } },
  })

  await logAction(user.id, 'UPDATE', 'NCR', id, { status: ncr.status }, { status: 'ESCALATED', capaRef: capa.ref })
  await logAction(user.id, 'CREATE', 'CAPA', capa.id, null, { ref: capa.ref, fromNcr: ncr.ref })

  return res.status(201).json({ data: { ncr: updatedNcr, capa } })
}