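import {
  ExpressController,
  authGuard,
  errorMapper,
  forbidQueryFieldGuard,
  tenantGuard,
} from "@erp/core/api";
import { CreateCustomerRequestDTO } from "../../../../common/dto";
import { CreateCustomerUseCase } from "../../../application";

/**
 * HTTP controller for creating a customer.
 *
 * Registers the shared auth and tenant guards and rejects requests that carry
 * a `companyId` field in the query string. The request itself is handed to
 * {@link CreateCustomerUseCase} together with the tenant ID taken from the
 * controller, not from the client payload.
 */
export class CreateCustomerController extends ExpressController {
  /**
   * @param useCase Application use case that performs the customer creation.
   */
  public constructor(private readonly useCase: CreateCustomerUseCase) {
    super();

    // Reuses the auth/tenant guards and forbids 'companyId' in the query.
    // NOTE(review): forbidQueryFieldGuard is given only the query field name;
    // nothing in this file filters a 'companyId' sent in the request body.
    // Confirm the DTO or the use case rejects or ignores it.
    this.useGuards(authGuard(), tenantGuard(), forbidQueryFieldGuard("companyId"));
  }

  /**
   * Runs the create-customer use case for the current tenant and maps its
   * result to a response: `this.created(data)` on success, otherwise the
   * error translated by `errorMapper.toApiError` and passed to
   * `this.handleApiError`.
   *
   * @throws Error when no tenant ID is available on the request.
   */
  protected async executeImpl() {
    // tenantGuard is expected to guarantee a tenant ID. Check it at runtime
    // instead of asserting it with `!`, so that a change in guard registration
    // fails closed rather than calling the use case with an undefined tenant
    // scope.
    // NOTE(review): this relies on the base controller turning a rejected
    // executeImpl() into an error response; confirm.
    const tenantId = this.getTenantId();
    if (tenantId == null) {
      throw new Error("Tenant context is missing; tenantGuard must run before this controller");
    }

    // The cast is a compile-time assertion only: no runtime validation of the
    // body is visible in this controller.
    // NOTE(review): presumably the use case validates the DTO fields; confirm,
    // since the body is client-controlled.
    const dto = this.req.body as CreateCustomerRequestDTO;

    /*
    // Inject the authenticated user's company (ownership)
    dto.customerCompanyId = user.companyId;
    */
    // NOTE(review): the disabled block above reads `user`, which is not
    // defined in this method. While it stays disabled, any ownership field in
    // the DTO comes from the client body as sent.

    const result = await this.useCase.execute({ tenantId, dto });

    return result.match(
      (data) => this.created(data),
      (err) => this.handleApiError(errorMapper.toApiError(err))
    );
  }
}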