import { Controller, Get, Post, Put, Delete, Param, Body, UseGuards, Query } from '@nestjs/common';
import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
import { OrderService } from '../services/order.service';
import { CreateOrderDto } from '../dto/create-order.dto';
import { UpdateOrderDto } from '../dto/update-order.dto';
import { Permissions } from '../auth/decorators/permissions.decorator';
import { RbacGuard } from '../auth/guards/rbac.guard';
import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';

@ApiTags('Orders')
@Controller('orders')
@UseGuards(JwtAuthGuard, RbacGuard)
export class OrderController {
  constructor(private readonly orderService: OrderService) {}

  @Get()
  @ApiOperation({ summary: 'Get all orders' })
  @ApiResponse({ status: 200, description: 'Returns list of orders' })
  @Permissions('manager:orders', 'admin:orders', 'worker:orders')
  async findAll() {
    return this.orderService.findAll();
  }

  @Get(':id')
  @ApiOperation({ summary: 'Get order by ID' })
  @ApiResponse({ status: 200, description: 'Returns order details' })
  @Permissions('manager:orders', 'admin:orders', 'worker:orders')
  async findOne(@Param('id') id: string) {
    return this.orderService.findOne(id);
  }

  @Post()
  @ApiOperation({ summary: 'Create new order' })
  @ApiResponse({ status: 201, description: 'Order created successfully' })
  @Permissions('manager:orders', 'admin:orders')
  async create(@Body() createOrderDto: CreateOrderDto) {
    return this.orderService.create(createOrderDto);
  }

  @Put(':id')
  @ApiOperation({ summary: 'Update order' })
  @ApiResponse({ status: 200, description: 'Order updated successfully' })
  @Permissions('manager:orders', 'admin:orders')
  async update(
    @Param('id') id: string,
    @Body() updateOrderDto: UpdateOrderDto,
  ) {
    return this.orderService.update(id, updateOrderDto);
  }

  @Delete(':id')
  @ApiOperation({ summary: 'Delete order' })
  @ApiResponse({ status: 200, description: 'Order deleted successfully' })
  @Permissions('admin:orders')
  async remove(@Param('id') id: string) {
    return this.orderService.remove(id);
  }

  @Get('customer/:customerId')
  @ApiOperation({ summary: 'Get orders by customer' })
  @ApiResponse({ status: 200, description: 'Returns orders by customer' })
  @Permissions('manager:orders', 'admin:orders', 'worker:orders')
  async findByCustomer(@Param('customerId') customerId: string) {
    return this.orderService.findByCustomer(customerId);
  }

  @Get('status/:status')
  @ApiOperation({ summary: 'Get orders by status' })
  @ApiResponse({ status: 200, description: 'Returns orders by status' })
  @Permissions('manager:orders', 'admin:orders', 'worker:orders')
  async findByStatus(@Param('status') status: string) {
    return this.orderService.findByStatus(status);
  }

  @Put(':id/payment-status')
  @ApiOperation({ summary: 'Update order payment status' })
  @ApiResponse({ status: 200, description: 'Payment status updated successfully' })
  @Permissions('manager:orders', 'admin:orders')
  async updatePaymentStatus(
    @Param('id') id: string,
    @Body() body: { status: 'pending' | 'paid' | 'failed' },
  ) {
    return this.orderService.updatePaymentStatus(id, body.status);
  }
}