import { Router } from 'express';
import equipmentController from '../controllers/equipment.controller';
import { authenticate } from '../middleware/auth.middleware';
import { requirePermission } from '../middleware/rbac.middleware';
import { uploadWartung } from '../middleware/upload';

const router = Router();

// ── Read-only (any authenticated user) ───────────────────────────────────────

router.get('/',                    authenticate, requirePermission('ausruestung:view'), equipmentController.listEquipment.bind(equipmentController));
router.get('/stats',               authenticate, requirePermission('ausruestung:view'), equipmentController.getStats.bind(equipmentController));
router.get('/alerts',              authenticate, requirePermission('ausruestung:view'), equipmentController.getAlerts.bind(equipmentController));
router.get('/categories',          authenticate, requirePermission('ausruestung:view'), equipmentController.getCategories.bind(equipmentController));
router.get('/vehicle-warnings',    authenticate, equipmentController.getVehicleWarnings.bind(equipmentController));
router.get('/vehicle/:fahrzeugId', authenticate, equipmentController.getByVehicle.bind(equipmentController));
router.get('/:id',                 authenticate, equipmentController.getEquipment.bind(equipmentController));
router.get('/:id/status-history',  authenticate, equipmentController.getStatusHistory.bind(equipmentController));

// ── Write — gruppenfuehrer+ ────────────────────────────────────────────────

router.post('/',           authenticate, requirePermission('ausruestung:create'), equipmentController.createEquipment.bind(equipmentController));
router.patch('/:id',       authenticate, requirePermission('ausruestung:create'), equipmentController.updateEquipment.bind(equipmentController));
router.patch('/:id/status', authenticate, requirePermission('ausruestung:create'), equipmentController.updateStatus.bind(equipmentController));
router.post('/:id/wartung', authenticate, requirePermission('ausruestung:manage_maintenance'), equipmentController.addWartung.bind(equipmentController));
router.post('/wartung/:wartungId/upload', authenticate, requirePermission('ausruestung:manage_maintenance'), uploadWartung.single('datei'), equipmentController.uploadWartungFile.bind(equipmentController));

// ── Delete — admin only ──────────────────────────────────────────────────────

router.delete('/:id', authenticate, requirePermission('ausruestung:delete'), equipmentController.deleteEquipment.bind(equipmentController));

export default router;