import { Router } from 'express';
import * as contractCategoryController from '../controllers/contractCategory.controller.js';
import { authenticate, requirePermission } from '../middleware/auth.js';

const router = Router();

// Lesen für alle authentifizierten Benutzer
router.get('/', authenticate, contractCategoryController.getContractCategories);
router.get('/:id', authenticate, contractCategoryController.getContractCategory);

// Ändern/Löschen nur mit Entwickler-Berechtigung (Vertragstypen erfordern Formular-Anpassungen)
router.post('/', authenticate, requirePermission('developer:access'), contractCategoryController.createContractCategory);
router.put('/:id', authenticate, requirePermission('developer:access'), contractCategoryController.updateContractCategory);
router.delete('/:id', authenticate, requirePermission('developer:access'), contractCategoryController.deleteContractCategory);

export default router;