27 lines
1.5 KiB
TypeScript
27 lines
1.5 KiB
TypeScript
import { Router } from 'express';
|
|
import atemschutzController from '../controllers/atemschutz.controller';
|
|
import { authenticate } from '../middleware/auth.middleware';
|
|
import { requireGroups } from '../middleware/rbac.middleware';
|
|
|
|
const ADMIN_GROUPS = ['dashboard_admin'];
|
|
const WRITE_GROUPS = ['dashboard_admin', 'dashboard_kommandant'];
|
|
|
|
const router = Router();
|
|
|
|
// ── Read-only (any authenticated user) ───────────────────────────────────────
|
|
|
|
router.get('/', authenticate, atemschutzController.list.bind(atemschutzController));
|
|
router.get('/stats', authenticate, atemschutzController.getStats.bind(atemschutzController));
|
|
router.get('/:id', authenticate, atemschutzController.getOne.bind(atemschutzController));
|
|
|
|
// ── Write — admin + kommandant ───────────────────────────────────────────────
|
|
|
|
router.post('/', authenticate, requireGroups(WRITE_GROUPS), atemschutzController.create.bind(atemschutzController));
|
|
router.patch('/:id', authenticate, requireGroups(WRITE_GROUPS), atemschutzController.update.bind(atemschutzController));
|
|
|
|
// ── Delete — admin only ──────────────────────────────────────────────────────
|
|
|
|
router.delete('/:id', authenticate, requireGroups(ADMIN_GROUPS), atemschutzController.delete.bind(atemschutzController));
|
|
|
|
export default router;
|