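"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.usersRouter = void 0;
const express_1 = require("express");
const client_1 = require("@prisma/client");
const users_service_1 = require("./users.service");
const users_schemas_1 = require("./users.schemas");
const validate_1 = require("../../middleware/validate");
const auth_middleware_1 = require("../../middleware/auth.middleware");
const rbac_middleware_1 = require("../../middleware/rbac.middleware");

/**
 * Roles that may list, create, delete and fully update any user.
 * Every other role is treated as a regular user who may only read and
 * partially update their own record.
 */
const ADMIN_ROLES = [
    client_1.UserRole.SUPER_ADMIN,
    client_1.UserRole.INFLUENCE_ADMIN,
    client_1.UserRole.MAP_ADMIN,
];

/** Body fields a non-admin caller must never be able to set on a user. */
const PRIVILEGED_FIELDS = ['role', 'status'];

/**
 * Whether the authenticated principal holds one of ADMIN_ROLES.
 * @param {{ role: unknown, id: unknown }} user - `req.user` as populated by
 *   `authenticate`; its full shape is not visible in this file, only `role`
 *   and `id` are read here.
 * @returns {boolean}
 */
function isAdmin(user) {
    return ADMIN_ROLES.includes(user.role);
}

/**
 * Whether the principal may act on the user identified by `id`: admins may,
 * and any caller may act on their own record.
 * NOTE(review): `id` is the string route parameter; if `user.id` is not a
 * string in the User model the strict comparison never matches — confirm.
 * @param {{ role: unknown, id: unknown }} user - `req.user`
 * @param {string} id - target user id from the route
 * @returns {boolean}
 */
function isAdminOrSelf(user, id) {
    return isAdmin(user) || user.id === id;
}

/**
 * Write the 403 response shared by the admin-or-self routes.
 * @param {import('express').Response} res
 */
function sendForbidden(res) {
    res.status(403).json({
        error: { message: 'Insufficient permissions', code: 'FORBIDDEN' },
    });
}

const router = express_1.Router();
exports.usersRouter = router;

// All user routes require authentication; handlers below assume req.user is set.
router.use(auth_middleware_1.authenticate);

// GET /api/users — list users (admin only)
router.get(
    '/',
    rbac_middleware_1.requireRole(...ADMIN_ROLES),
    validate_1.validate(users_schemas_1.listUsersSchema, 'query'),
    async (req, res, next) => {
        try {
            const result = await users_service_1.usersService.findAll(req.query);
            res.json(result);
        } catch (err) {
            next(err);
        }
    },
);

// GET /api/users/:id — get user (admin or self)
router.get('/:id', async (req, res, next) => {
    try {
        const { id } = req.params;
        if (!isAdminOrSelf(req.user, id)) {
            sendForbidden(res);
            return;
        }
        const user = await users_service_1.usersService.findById(id);
        res.json(user);
    } catch (err) {
        next(err);
    }
});

// POST /api/users — create user (admin only)
router.post(
    '/',
    rbac_middleware_1.requireRole(...ADMIN_ROLES),
    validate_1.validate(users_schemas_1.createUserSchema),
    async (req, res, next) => {
        try {
            const user = await users_service_1.usersService.create(req.body);
            res.status(201).json(user);
        } catch (err) {
            next(err);
        }
    },
);

// PUT /api/users/:id — update user (admin or self, role changes admin-only)
router.put('/:id', async (req, res, next) => {
    try {
        const { id } = req.params;
        const admin = isAdmin(req.user);
        if (!admin && req.user.id !== id) {
            sendForbidden(res);
            return;
        }
        // Non-admins cannot change role or status: strip those fields before
        // validation so a self-update cannot escalate privileges. req.body is
        // mutated in place; a missing body (no body parser) throws here and is
        // forwarded to next(err), as before.
        if (!admin) {
            for (const field of PRIVILEGED_FIELDS) {
                delete req.body[field];
            }
        }
        // Validated inline rather than through the validate middleware because
        // the stripping above has to run first. A validation error thrown here
        // goes to next(err); whether the error handler reports it the same way
        // the middleware does is not visible from this file — confirm.
        const parsed = users_schemas_1.updateUserSchema.parse(req.body);
        const user = await users_service_1.usersService.update(id, parsed);
        res.json(user);
    } catch (err) {
        next(err);
    }
});

// DELETE /api/users/:id — delete user (admin only)
// NOTE(review): nothing here stops an admin from deleting their own account;
// if that is unintended, compare req.user.id with id before calling the service.
router.delete(
    '/:id',
    rbac_middleware_1.requireRole(...ADMIN_ROLES),
    async (req, res, next) => {
        try {
            const { id } = req.params;
            await users_service_1.usersService.delete(id);
            res.status(204).send();
        } catch (err) {
            next(err);
        }
    },
);
//# sourceMappingURL=users.routes.js.map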