import { Response } from 'express';
import { AuthRequest } from '../../../middleware/auth';
import { userService } from '../../../services/userService.js';

export async function getUsers(req: AuthRequest, res: Response) {
  try {
    if (!req.user?.permissions.isAdmin) {
      return res.status(403).json({ error: 'Admin access required' });
    }
    const users = await userService.getUsers();
    res.json(users);
  } catch {
    res.status(500).json({ error: 'Server error' });
  }
}

export async function updateUserPermissions(req: AuthRequest, res: Response) {
  try {
    if (!req.user?.permissions.isAdmin) {
      return res.status(403).json({ error: 'Admin access required' });
    }
    const { id } = req.params;
    const { permissions } = req.body;
    const user = await userService.updateUserPermissions(id, permissions);
    res.json(user);
  } catch {
    res.status(500).json({ error: 'Server error' });
  }
}