'use strict';
const express = require('express');
const router  = express.Router();
const { authMiddleware, requireRole } = require('../middleware/auth');
const c = require('../controllers/studentMaterialsController');

router.use(authMiddleware);

// Teacher hands a material out to a class/student (copies to recipients)
router.post('/:id/share', requireRole('teacher', 'admin'), c.share);

router.get('/',  c.list);
router.post('/', c.create);

// Collections (folders) — literal '/collections' prefix before '/:id'
router.post('/collections', c.createCollection);
// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
router.patch('/collections/:id',  c.updateCollection);
// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
router.delete('/collections/:id', c.deleteCollection);

// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
router.patch('/:id',  c.update);
// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
router.delete('/:id', c.remove);

module.exports = router;