/**
 * User-management routes.
 *
 * Every route first passes through `protect` (authentication), then an
 * `authorize(...)` role gate restricted to superadmin / companyadmin; the
 * per-user `/:id` routes additionally run `checkUserManagementAccess` before
 * the controller. The express-validator chains attached below only *record*
 * validation results on the request — they never reject it themselves.
 * NOTE(review): the controllers are therefore expected to call
 * `validationResult(req)` and bail out on errors; that is not visible from
 * this file, so confirm it in userController.
 */
const express = require('express');
const { check } = require('express-validator');

const {
  getUsers,
  getUser,
  createUser,
  updateUser,
  deleteUser,
  resetPassword,
} = require('../controllers/userController');
const { protect, authorize } = require('../middleware/auth');
const { checkUserManagementAccess } = require('../middleware/companyAuth');

// Minimum password length accepted at the route layer (create and reset).
// NOTE(review): 6 is below the 8-character floor NIST SP 800-63B recommends;
// raising it changes accepted input, so it is deliberately left unchanged here.
const MIN_PASSWORD_LENGTH = 6;

// Shared middleware stacks, named so each route reads as policy + handler.
const adminOnly = authorize('superadmin', 'companyadmin');
// Per-user routes: role gate, then the company-scope check on the target `:id`
// (presumably verifying the target user is manageable by the caller — see
// middleware/companyAuth).
const adminOnUser = [adminOnly, checkUserManagementAccess];

/**
 * Custom validator: a companyId is mandatory for every role except superadmin.
 *
 * @param {*} value - the submitted `companyId`
 * @param {{ req: object }} ctx - express-validator context carrying the request
 * @returns {true} when the rule is satisfied
 * @throws {Error} when role is not 'superadmin' and companyId is missing/falsy
 */
function requireCompanyIdUnlessSuperadmin(value, { req }) {
  const isSuperadminRole = req.body.role === 'superadmin';
  if (!isSuperadminRole && !value) {
    throw new Error('Company ID is required for non-superadmin users');
  }
  return true;
}

// Body rules for POST /.
// NOTE(review): `role` is only checked for non-emptiness and this route does
// not run checkUserManagementAccess, so a companyadmin caller can submit
// `role: 'superadmin'` (which also waives the companyId requirement) or an
// arbitrary companyId. Whether createUser rejects that is not visible here —
// confirm the controller scopes role/companyId to the caller's privileges.
const createUserRules = [
  check('email', 'Please include a valid email').isEmail(),
  check('password', 'Please enter a password with 6 or more characters').isLength({ min: MIN_PASSWORD_LENGTH }),
  check('role', 'Role is required').not().isEmpty(),
  check('companyId', 'Company ID is required for non-superadmin users').custom(requireCompanyIdUnlessSuperadmin),
];

// Body rules for PUT /:id/reset-password.
const resetPasswordRules = [
  check('newPassword', 'Please enter a password with 6 or more characters').isLength({ min: MIN_PASSWORD_LENGTH }),
];

const router = express.Router();

// Authentication applies to every route in this router.
router.use(protect);

// Collection routes: list users, create a user.
router
  .route('/')
  .get(adminOnly, getUsers)
  .post(adminOnly, createUserRules, createUser);

// Single-user routes: read, update, delete.
// NOTE(review): PUT /:id carries no body validation at all; if updateUser
// writes `role`, `companyId` or `password` straight from req.body this is a
// privilege-escalation path — confirm the controller whitelists updatable
// fields.
router
  .route('/:id')
  .get(adminOnUser, getUser)
  .put(adminOnUser, updateUser)
  .delete(adminOnUser, deleteUser);

// Administrative password reset for another user.
// NOTE(review): whether existing sessions/tokens of the target user are
// invalidated after the reset is not visible here — verify in resetPassword.
router.put('/:id/reset-password', adminOnUser, resetPasswordRules, resetPassword);

module.exports = router;