#!/usr/bin/env node
require('dotenv').config();
const DIRECTUS_URL = process.env.DIRECTUS_URL || 'https://cms.dk0.dev';
const DIRECTUS_TOKEN = process.env.DIRECTUS_STATIC_TOKEN;

async function setPublicPermissions() {
  console.log('🔓 Setze Public-Berechtigungen für Book Reviews...');

  // Wir holen die ID der Public Rolle
  const rolesRes = await fetch(`${DIRECTUS_URL}/roles`, { headers: { 'Authorization': `Bearer ${DIRECTUS_TOKEN}` } });
  const roles = await rolesRes.json();
  const publicRole = roles.data.find(r => r.name.toLowerCase() === 'public');

  if (!publicRole) return console.error('Public Rolle nicht gefunden.');

  const collections = ['book_reviews', 'book_reviews_translations'];

  for (const coll of collections) {
    console.log(`- Erlaube Lesezugriff auf ${coll}`);
    await fetch(`${DIRECTUS_URL}/permissions`, {
      method: 'POST',
      headers: { 'Authorization': `Bearer ${DIRECTUS_TOKEN}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({
        role: publicRole.id,
        collection: coll,
        action: 'read',
        permissions: {},
        validation: null,
        fields: ['*']
      })
    });
  }

  console.log('✅ Fertig! Die Website sollte die Daten jetzt lesen können.');
}

setPublicPermissions().catch(console.error);