const router = require('express').Router();
const { authMiddleware, requireRole } = require('../middleware/auth');
const { getPermissions, setPermission, getMyPermissions, getUserPermissions, setUserPermission, resetUserPermissions } = require('../controllers/permissionsController');

router.use(authMiddleware);

/* Any authenticated user can fetch their own effective permissions */
router.get('/me', getMyPermissions);

router.use(requireRole('admin'));

router.get('/',  getPermissions);
router.post('/', setPermission);

/* ── Per-user overrides ── */
router.get('/users/:id',         getUserPermissions);
router.post('/users/:id',        setUserPermission);
router.delete('/users/:id/reset', resetUserPermissions);

module.exports = router;