import { Router } from 'express';
import atemschutzController from '../controllers/atemschutz.controller';
import { authenticate } from '../middleware/auth.middleware';
import { requirePermission } from '../middleware/rbac.middleware';

const router = Router();

// ── Read-only (any authenticated user) ───────────────────────────────────────

router.get('/',           authenticate, atemschutzController.list.bind(atemschutzController));
router.get('/stats',      authenticate, atemschutzController.getStats.bind(atemschutzController));
router.get('/my-status',  authenticate, atemschutzController.getMyStatus.bind(atemschutzController));
router.get('/:id',        authenticate, atemschutzController.getOne.bind(atemschutzController));

// ── Write — gruppenfuehrer+ ─────────────────────────────────────────────────

router.post('/',     authenticate, requirePermission('atemschutz:write'), atemschutzController.create.bind(atemschutzController));
router.patch('/:id', authenticate, requirePermission('atemschutz:write'), atemschutzController.update.bind(atemschutzController));

// ── Delete — kommandant+ ────────────────────────────────────────────────────

router.delete('/:id', authenticate, requirePermission('atemschutz:delete'), atemschutzController.delete.bind(atemschutzController));

export default router;