import { Router } from 'express';
import * as partController from '../controllers/partController.js';
import { extractUser, requireAdmin } from '../middleware/roleMiddleware.js';

const router = Router();

// Public routes (read-only)
router.get('/', extractUser, partController.getAllParts);
router.get('/project/:projectId', extractUser, partController.getPartsByProject);

// Protected routes (require admin permission)
router.post('/', extractUser, requireAdmin, partController.createPart);
router.put('/:id', extractUser, requireAdmin, partController.updatePart);
router.delete('/:id', extractUser, requireAdmin, partController.deletePart);

export default router;