import { jsonError } from "../../../common.js";

export async function onRequestPost(context: RequestContext) {
  const { current_user: user } = context.data;

  if (!user) return jsonError("You are not logged in", 401);

  if (![1 << 4, 1 << 12].find((p) => user.permissions & p))
    return jsonError("No permission to edit points", 403);

  const { points } = context.data.body;

  if (typeof points !== "number") return jsonError("Invalid point count", 400);

  await context.env.D1.prepare("UPDATE et_members SET points = ? WHERE id = ?;")
    .bind(points, context.params.id)
    .run();

  return new Response(null, {
    status: 204,
  });
}