/**
 * User Routes
 */

const express = require('express');
const router = express.Router();
const userController = require('../controllers/userController');
const permissionController = require('../controllers/permissionController');
const { requireAuth, requireAdminOrPermission } = require('../middleware/auth');

const userPerm = requireAdminOrPermission('tkuser.users');

// 사용자 CRUD
router.get('/', userPerm, userController.getUsers);
router.post('/', userPerm, userController.createUser);
router.put('/:id', userPerm, userController.updateUser);
router.delete('/:id', userPerm, userController.deleteUser);

// 비밀번호 관리
router.post('/:id/reset-password', userPerm, userController.resetPassword);
router.post('/change-password', requireAuth, userController.changePassword);

// 사용자별 페이지 권한 조회 (auth - /api/users/:id/page-permissions)
router.get('/:id/page-permissions', requireAuth, permissionController.getUserPermissions);

module.exports = router;