const express = require('express');
const router = express.Router();
const auth = require('../middleware/authMiddleware');
const ctrl = require('../controller/companyStamp/CompanyStampController');

function adminOnly(req, res, next) {
  if (!req.user || !['admin','super_admin'].includes(req.user.role)) {
    return res.status(403).json({ error: 'Admin role required' });
  }
  next();
}

// NEW: ensure service sees a "company" user_type for admin users
function forceCompanyForAdmin(req, res, next) {
  if (req.user && ['admin','super_admin'].includes(req.user.role) && req.user.user_type !== 'company') {
    req.user.user_type = 'company'; // mimic company to satisfy service checks
  }
  next();
}

// NOTE: For primary company (id=1) only one stamp is allowed. Uploading again returns 409 with existing preview.
router.post('/company-stamps', auth, adminOnly, forceCompanyForAdmin, ctrl.upload);
router.get('/company-stamps/mine', auth, adminOnly, forceCompanyForAdmin, ctrl.listMine);
router.get('/company-stamps/mine/active', auth, adminOnly, forceCompanyForAdmin, ctrl.activeMine);
router.patch('/company-stamps/:id/activate', auth, adminOnly, forceCompanyForAdmin, ctrl.activate);
router.delete('/company-stamps/:id', auth, adminOnly, forceCompanyForAdmin, ctrl.delete);

module.exports = router;

/*
Mount example (in main app):
const companyStampRoutes = require('./routes/companyStamps');
app.use('/api', companyStampRoutes);
*/