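using Back.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Shared.DTOs;

namespace Back.Controllers
{
    /// <summary>
    /// HTTP endpoints for customer data. The class-level <c>[Authorize]</c> attribute
    /// requires an authenticated caller for every action; each action then performs
    /// its own permission check through <see cref="CheckPermission"/>.
    /// </summary>
    [Route("api/[controller]")]
    [Authorize]
    [ApiController]
    public class CustomerController : ControllerBase
    {
        // Name of the claim that carries the caller's numeric user id.
        private const string UserIdClaimType = "UserID";

        private readonly CheckPermission _checkPermission;
        private readonly servUser _servUser;
        private readonly servCustomer _servCus;

        /// <summary>Receives the permission, user and customer services from DI.</summary>
        public CustomerController(CheckPermission checkPermission, servUser servUser, servCustomer servCus)
        {
            _checkPermission = checkPermission;
            _servUser = servUser;
            _servCus = servCus;
        }

        /// <summary>
        /// Returns the customers of the caller's company that match <paramref name="itemSerch"/>.
        /// </summary>
        /// <param name="itemSerch">Search filter sent in the request body.</param>
        /// <returns>
        /// 200 with the result of <c>GetCustomers</c>; 401 when the token has no usable
        /// <c>UserID</c> claim; 403 when the caller has no role row or lacks the
        /// customer-read permission.
        /// </returns>
        // NOTE(review): the declared return type is garbled in this listing ("Task>>").
        // IActionResult fits every return statement below; restore the original
        // ActionResult<T> form if the project relies on it (e.g. for OpenAPI metadata).
        [HttpPost("GetAll")]
        public async Task<IActionResult> GetAll(ItemSerchGetCustomer itemSerch)
        {
            // A missing or non-numeric claim used to throw (First / Convert.ToInt32) and
            // surface as a 500; treat it as an authentication failure instead.
            var userIdClaim = HttpContext.User.Claims.FirstOrDefault(c => c.Type == UserIdClaimType);
            if (userIdClaim is null || !int.TryParse(userIdClaim.Value, out var userId))
            {
                return Unauthorized();
            }

            var user = await _servUser.GetUserByUserID(userId);

            // The company scope always comes from the server-side user record, never from
            // the request body, so a caller cannot ask for another company's customers.
            // NOTE(review): "first role row" is kept from the original; if a user can hold
            // roles in more than one company the choice is order-dependent — confirm.
            // NOTE(review): assumes the user and role-row types are reference types.
            var roleRow = user?.RolUsers?.FirstOrDefault();
            if (roleRow is null)
            {
                return Forbid();
            }

            var companyId = roleRow.CompanyID;

            if (!await _checkPermission.AllowSYSGetCustomer(userId, companyId))
            {
                // ControllerBase.Forbid(string) interprets its argument as an authentication
                // scheme name, not a message, so passing the text there fails at runtime.
                // Send the message as the body of an explicit 403 instead.
                return StatusCode(
                    StatusCodes.Status403Forbidden,
                    "شما دسترسی به خواندن اطلاعات مشتری را نداربد");
            }

            return Ok(await _servCus.GetCustomers(companyId, itemSerch));
        }
    }
}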