import { authGuard, ExpressController, forbidQueryFieldGuard, tenantGuard } from "@erp/core/api";
import { UpdateCustomerByIdRequestDTO } from "../../../../common/dto";
import { UpdateCustomerUseCase } from "../../../application";
import { customersApiErrorMapper } from "../customer-api-error-mapper";

export class UpdateCustomerController extends ExpressController {
  public constructor(private readonly useCase: UpdateCustomerUseCase) {
    super();
    this.errorMapper = customersApiErrorMapper;

    // 🔐 Reutiliza guards de auth/tenant y prohíbe 'companyId' en query
    this.registerGuards(authGuard(), tenantGuard(), forbidQueryFieldGuard("companyId"));
  }

  protected async executeImpl() {
    const companyId = this.getTenantId();
    if (!companyId) {
      return this.forbiddenError("Tenant ID not found");
    }
    const { customer_id } = this.req.params;
    const dto = this.req.body as UpdateCustomerByIdRequestDTO;

    const result = await this.useCase.execute({ customer_id, companyId, dto });

    return result.match(
      (data) => this.ok(data),
      (err) => this.handleError(err)
    );
  }
}