import { Router } from 'express';
import bannerController from '../controllers/banner.controller';
import { authenticate } from '../middleware/auth.middleware';
import { requirePermission } from '../middleware/rbac.middleware';

/**
 * Banner routes.
 *
 * Every route in this file passes through `authenticate`; none is reachable
 * anonymously. The management routes additionally pass through
 * `requirePermission('admin:write')`.
 */
const router = Router();

// Guard chain for the management endpoints. Express runs middleware in array
// order, so `authenticate` always executes before the permission check.
// NOTE(review): presumably the permission check reads the identity that
// `authenticate` establishes, so keep this order. Confirm in rbac.middleware.
const adminGuards = [authenticate, requirePermission('admin:write')] as const;

// Bind each handler once so `this` still refers to the controller instance
// when Express invokes the method as a plain function.
const listActiveBanners = bannerController.getActive.bind(bannerController);
const listAllBanners = bannerController.getAll.bind(bannerController);
const createBanner = bannerController.create.bind(bannerController);
const deleteBanner = bannerController.delete.bind(bannerController);

// Any authenticated user: fetch the currently active banners.
router.get('/active', authenticate, listActiveBanners);

// Admin only: list, create and delete banners.
// NOTE(review): the read-only listing is gated by the same 'admin:write'
// permission as the mutating routes. Confirm that this is intended rather
// than a separate read permission.
router.get('/', ...adminGuards, listAllBanners);
router.post('/', ...adminGuards, createBanner);
// NOTE(review): no validation of `:id` is visible at the route level.
// Presumably the controller validates it. Confirm.
router.delete('/:id', ...adminGuards, deleteBanner);

export default router;