mutation CreateCertificate(
  $name: String!
  $description: String
  $expiry: Timestamp
  $status: CertificateStatus!
  $fileUrl: String
  $icon: String
  $certificationType: ComplianceType!
  $issuer: String
  $staffId: UUID!
  $validationStatus: ValidationStatus
  $certificateNumber: String
) @auth(level: USER, insecureReason: "The staffId refers to the staff being modified. Ownership is verified at the application layer.") {
  certificate_insert(
    data: {
      name: $name
      description: $description
      expiry: $expiry
      status: $status
      fileUrl: $fileUrl
      icon: $icon
      staffId: $staffId
      certificationType: $certificationType
      issuer: $issuer
      validationStatus: $validationStatus
      certificateNumber: $certificateNumber
    }
  )
}

mutation UpdateCertificate(
  $staffId: UUID!
  $certificationType: ComplianceType!
  $name: String
  $description: String
  $expiry: Timestamp
  $status: CertificateStatus
  $fileUrl: String
  $icon: String
  $issuer: String
  $validationStatus: ValidationStatus
  $certificateNumber: String
) @auth(level: USER, insecureReason: "The staffId refers to the staff being modified. Ownership is verified at the application layer.") {
  certificate_update(
    key: { staffId: $staffId, certificationType: $certificationType }
    data: {
      name: $name
      description: $description
      expiry: $expiry
      status: $status
      fileUrl: $fileUrl
      icon: $icon
      issuer: $issuer
      validationStatus: $validationStatus
      certificateNumber: $certificateNumber
    }
  )
}

mutation DeleteCertificate($staffId: UUID!, $certificationType: ComplianceType!)
@auth(level: USER, insecureReason: "The staffId refers to the staff being modified. Ownership is verified at the application layer.") {
  certificate_delete(
    key: { staffId: $staffId, certificationType: $certificationType }
  )
}

# UPSERT STAFF CERTIFICATE
# Creates the certificate record if it does not exist, or updates
# it if it already exists (matched by staffId + certificationType key).
# Use this when uploading a certificate for the first time or
# updating an existing one.
#
# To update multiple certificates in a single network call, use
# aliased mutations in one GraphQL request from the client:
#
# mutation {
#   cert1: upsertStaffCertificate(staffId: $id, certificationType: BACKGROUND_CHECK, ...)
#   cert2: upsertStaffCertificate(staffId: $id, certificationType: FOOD_HANDLER, ...)
# }
# ------------------------------------------------------------
mutation upsertStaffCertificate(
  $staffId: UUID!
  $certificationType: ComplianceType!
  $name: String!
  $status: CertificateStatus!
  $fileUrl: String
  $expiry: Timestamp
  $issuer: String
  $certificateNumber: String
  $validationStatus: ValidationStatus
) @auth(level: USER, insecureReason: "The staffId refers to the staff being modified. Ownership is verified at the application layer.") {
  certificate_upsert(
    data: {
      staffId: $staffId
      certificationType: $certificationType
      name: $name
      status: $status
      fileUrl: $fileUrl
      expiry: $expiry
      issuer: $issuer
      certificateNumber: $certificateNumber
      validationStatus: $validationStatus
    }
  )
}