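using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Webshop.Application.DTOs.Users; // UserDto
using Webshop.Application.Services.Admin;

namespace Webshop.Api.Controllers.Admin
{
    /// <summary>
    /// Read-only administrative endpoints for user accounts, served under
    /// <c>/api/v1/admin/users</c>.
    /// </summary>
    /// <remarks>
    /// The <see cref="AuthorizeAttribute"/> sits on the class, so every action declared
    /// here (including ones added later) requires the "Admin" role unless an action
    /// opts out explicitly. Keep it at class level so new actions stay protected by default.
    /// </remarks>
    [ApiController]
    [Route("api/v1/admin/[controller]")] // e.g. /api/v1/admin/users
    [Authorize(Roles = "Admin")] // only callers holding the "Admin" role may access this controller
    public class AdminUsersController : ControllerBase
    {
        private readonly AdminUserService _adminUserService;

        /// <summary>Creates the controller with the service that performs the user lookups.</summary>
        /// <param name="adminUserService">Admin user service supplied by dependency injection.</param>
        /// <exception cref="ArgumentNullException"><paramref name="adminUserService"/> is null.</exception>
        public AdminUsersController(AdminUserService adminUserService)
        {
            // Fail at construction instead of with a NullReferenceException inside a request.
            _adminUserService = adminUserService ?? throw new ArgumentNullException(nameof(adminUserService));
        }

        /// <summary>Returns all users known to the admin user service.</summary>
        /// <returns>200 OK with the users returned by <c>GetAllUsersAsync</c>.</returns>
        // NOTE(review): the generic return type was garbled in the listing ("Task>>");
        // reconstructed as Task<ActionResult<IEnumerable<UserDto>>> - confirm the collection type.
        // NOTE(review): the result is returned unpaged and as-is; confirm that UserDto carries no
        // credential material (password hashes, tokens) - its shape is not visible from here.
        [HttpGet] // /api/v1/admin/users
        public async Task<ActionResult<IEnumerable<UserDto>>> GetAllUsers()
        {
            var users = await _adminUserService.GetAllUsersAsync();
            return Ok(users);
        }

        /// <summary>Returns a single user by identifier.</summary>
        /// <param name="userId">Identifier taken from the route and passed to the service unchanged.</param>
        /// <returns>200 OK with the user, or 404 Not Found when the service returns null.</returns>
        // NOTE(review): the return type was garbled in the listing ("Task>");
        // reconstructed as Task<ActionResult<UserDto>>.
        [HttpGet("{userId}")] // /api/v1/admin/users/{userId}
        public async Task<ActionResult<UserDto>> GetUserById(string userId)
        {
            var user = await _adminUserService.GetUserByIdAsync(userId);
            if (user is null)
            {
                return NotFound();
            }

            return Ok(user);
        }

        // TODO: further user-management actions (changing roles, deleting users, etc.) could be added here.
    }
}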