'use strict';
/* /api/roles — конструктор кастомных ролей (admin). См. rolesController. */
const router = require('express').Router();
const { authMiddleware, requireRole } = require('../middleware/auth');
const c = require('../controllers/rolesController');

router.use(authMiddleware);

router.get('/',                  requireRole('admin'), c.listRoles);
router.post('/',                 requireRole('admin'), c.createRole);
router.get('/:name/permissions', requireRole('admin'), c.getRolePermissions);
router.put('/:name',             requireRole('admin'), c.updateRole);
router.delete('/:name',          requireRole('admin'), c.deleteRole);

module.exports = router;