import { Router } from 'express';
import { accessController } from '../controllers/access.controller';
import { authenticate, hasPermission } from '../middlewares/auth.middleware';
import { validate } from '../middlewares/validation.middleware';
import { accessValidators } from '../validators/access.validator';
import authConfig from '../../config/auth';

// Create router
const router = Router();

// All routes require authentication
router.use(authenticate);

// Routes for managing access entries
router.get(
  '/',
  hasPermission([authConfig.permissions.manageAccess]),
  accessController.getAllAccess.bind(accessController)
);

router.get(
  '/:id',
  hasPermission([authConfig.permissions.manageAccess]),
  accessController.getAccessById.bind(accessController)
);

router.post(
  '/',
  hasPermission([authConfig.permissions.manageAccess]),
  validate(accessValidators.createAccess),
  accessController.createAccess.bind(accessController)
);

router.put(
  '/:id',
  hasPermission([authConfig.permissions.manageAccess]),
  validate(accessValidators.updateAccess),
  accessController.updateAccess.bind(accessController)
);

router.delete(
  '/:id',
  hasPermission([authConfig.permissions.manageAccess]),
  accessController.deleteAccess.bind(accessController)
);

// Routes for user-specific access
router.get(
  '/user/:userId',
  hasPermission([authConfig.permissions.manageAccess, authConfig.permissions.readUser]),
  accessController.getUserAccess.bind(accessController)
);

router.delete(
  '/user/:userId/revoke-all',
  hasPermission([authConfig.permissions.manageAccess]),
  accessController.revokeAllAccessForUser.bind(accessController)
);

// Routes for restaurant-specific access
router.get(
  '/restaurant/:restaurantId',
  hasPermission([authConfig.permissions.manageAccess, authConfig.permissions.readRestaurant]),
  accessController.getRestaurantUsers.bind(accessController)
);

// Routes for permission management
router.patch(
  '/:id/permissions/add',
  hasPermission([authConfig.permissions.manageAccess]),
  validate(accessValidators.modifyPermissions),
  accessController.addPermissions.bind(accessController)
);

router.patch(
  '/:id/permissions/remove',
  hasPermission([authConfig.permissions.manageAccess]),
  validate(accessValidators.modifyPermissions),
  accessController.removePermissions.bind(accessController)
);

// Bulk operations
router.post(
  '/bulk-assign',
  hasPermission([authConfig.permissions.manageAccess]),
  validate(accessValidators.bulkAssignAccess),
  accessController.bulkAssignAccess.bind(accessController)
);

// Access check endpoint
router.get(
  '/check',
  accessController.checkAccess.bind(accessController)
);

export default router;