const express = require('express');
const { check } = require('express-validator');
const {
  getCompanies,
  getCompany,
  createCompany,
  updateCompany,
  deleteCompany
} = require('../controllers/companyController');
const { protect, authorize } = require('../middleware/auth');

const router = express.Router();

// Protect all routes
router.use(protect);

// Get all companies
router.get('/', getCompanies);

// Get single company
router.get('/:id', getCompany);

// Create company - superadmin only
router.post(
  '/',
  authorize('superadmin'),
  [
    check('name', 'Company name is required').not().isEmpty()
  ],
  createCompany
);

// Update company - superadmin only
router.put(
  '/:id',
  authorize('superadmin'),
  [
    check('name', 'Company name is required').not().isEmpty()
  ],
  updateCompany
);

// Delete company - superadmin only
router.delete(
  '/:id',
  authorize('superadmin'),
  deleteCompany
);

module.exports = router;