import express from 'express';
import { userService } from '../services/userService.js';
import { auth } from '../middleware/auth';
import { Request, Response } from 'express';
import { User } from '../../src/types/auth.ts';

const router = express.Router();

router.get('/', auth, async (req: Request, res: Response) => {
  try {
    if (!req.user?.permissions.isAdmin) {
      return res.status(403).json({ error: 'Admin access required' });
    }
    const users = await userService.getUsers();
    res.json(users);
  } catch (error) {
    res.status(500).json({ error: 'Server error' });
  }
});

router.put('/:id/permissions', auth, async (req: Request, res: Response) => {
  try {
    if (!req.user?.permissions.isAdmin) {
      return res.status(403).json({ error: 'Admin access required' });
    }
    const { id } = req.params;
    const { permissions } = req.body;
    const user = await userService.updateUserPermissions(id, permissions);
    res.json(user);
  } catch (error) {
    res.status(500).json({ error: 'Server error' });
  }
});

export default router;