// routes/roles.js
const express = require('express');
const router = express.Router();
const requireRole = require('../middleware/requireRole');

// Mock roles database (in real app, this would be a real DB)
const roles = [
  { id: 1, name: 'user', description: 'Standard user role' },
  { id: 2, name: 'moderator', description: 'Moderation role' },
  { id: 3, name: 'admin', description: 'Administrator role' }
];

// Get all roles (requires admin)
router.get('/', requireRole(['admin']), (req, res) => {
  res.json(roles);
});

// Get role by ID (requires admin)
router.get('/:id', requireRole(['admin']), (req, res) => {
  const role = roles.find(r => r.id === parseInt(req.params.id));
  if (!role) {
    return res.status(404).json({ error: 'Role not found' });
  }
  res.json(role);
});

// Update role permissions (requires admin)
router.put('/:id', requireRole(['admin']), (req, res) => {
  const roleIndex = roles.findIndex(r => r.id === parseInt(req.params.id));
  if (roleIndex === -1) {
    return res.status(404).json({ error: 'Role not found' });
  }
  
  const { name, description } = req.body;
  if (name) roles[roleIndex].name = name;
  if (description) roles[roleIndex].description = description;
  
  res.json(roles[roleIndex]);
});

module.exports = router;