import { Router } from 'express';
import { companiesController } from './companies.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';

const router = Router();

// All routes require authentication
router.use(authenticate);

// List companies (admin, manager)
router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
  companiesController.findAll(req, res, next)
);

// Get company hierarchy tree (must be before /:id to avoid conflict)
router.get('/hierarchy/tree', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
  companiesController.getHierarchy(req, res, next)
);

// Get company by ID
router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
  companiesController.findById(req, res, next)
);

// Create company (admin only)
router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) =>
  companiesController.create(req, res, next)
);

// Update company (admin only)
router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
  companiesController.update(req, res, next)
);

// Delete company (admin only)
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
  companiesController.delete(req, res, next)
);

// Get users assigned to company
router.get('/:id/users', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
  companiesController.getUsers(req, res, next)
);

// Get subsidiaries (child companies)
router.get('/:id/subsidiaries', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
  companiesController.getSubsidiaries(req, res, next)
);

export default router;