appointment_system/backend/src/routes/adminUserRoutes.js
2025-12-24 21:33:36 +08:00


const express = require('express');
const router = express.Router();
const adminUserController = require('../controllers/adminUserController');
const { authenticateAdmin } = require('../middleware/auth');
const { logAdminOperation } = require('../middleware/adminLogger');
const { requireRole } = require('../middleware/rbac');
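/**
 * Admin User Management Routes
 * Base path: /api/v1/admin/users
 * All routes require admin authentication: each one runs authenticateAdmin,
 * then requireRole, then logAdminOperation, before reaching its controller.
 */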
/**
 * @route  GET /api/v1/admin/users/export/csv
 * @desc   Export users to CSV
 * @access Private: roles super_admin, admin
 */
// NOTE(review): this is a bulk export of user records and the controller is
// not visible here. Confirm it neutralises cells that begin with =, +, - or @
// (spreadsheet formula injection) before writing user-supplied fields.
router.get(
  '/export/csv',
  [authenticateAdmin, requireRole(['super_admin', 'admin']), logAdminOperation],
  adminUserController.exportUsersToCSV
);
/**
 * @route  GET /api/v1/admin/users
 * @desc   Get user list with pagination and filters
 * @access Private: roles super_admin, admin, operator
 */
// NOTE(review): pagination and filter values come from the query string and
// no validation middleware appears in this chain. Confirm the controller caps
// the page size and passes filters as bound parameters.
router.get(
  '/',
  [
    authenticateAdmin,
    requireRole(['super_admin', 'admin', 'operator']),
    logAdminOperation,
  ],
  adminUserController.getUserList
);
/**
 * @route  GET /api/v1/admin/users/:id
 * @desc   Get user details
 * @access Private: roles super_admin, admin, operator
 */
// NOTE(review): `:id` reaches the controller as an unvalidated URL string as
// far as this chain shows. Confirm the controller checks its format before
// using it in a lookup.
router.get(
  '/:id',
  [
    authenticateAdmin,
    requireRole(['super_admin', 'admin', 'operator']),
    logAdminOperation,
  ],
  adminUserController.getUserDetails
);
/**
 * @route  PUT /api/v1/admin/users/:id/status
 * @desc   Update user status (active/suspended)
 * @access Private: roles super_admin, admin (operator is not allowed)
 */
// NOTE(review): the request body is not validated at the route layer. Confirm
// the controller accepts only the documented status values.
router.put(
  '/:id/status',
  [authenticateAdmin, requireRole(['super_admin', 'admin']), logAdminOperation],
  adminUserController.updateUserStatus
);
/**
 * @route  DELETE /api/v1/admin/users/:id
 * @desc   Delete user and all related data
 * @access Private: role super_admin only
 */
// NOTE(review): logAdminOperation is registered after requireRole, so a
// request rejected by the role check presumably never reaches the audit
// logger. Confirm denied delete attempts are recorded elsewhere.
router.delete(
  '/:id',
  [authenticateAdmin, requireRole(['super_admin']), logAdminOperation],
  adminUserController.deleteUser
);
// Export the configured router. The header comment gives /api/v1/admin/users
// as its base path; the mount itself is not done in this file.
module.exports = router;