paths:
  # ─── GetConfig ────────────────────────────────────────────────────────────
  "/?ctrl=staffManagementCtl&api=getConfig&ver=v1":
    post:
      operationId: getConfig
      summary: Get configuration (roles, statuses, session expiry)
      description: |
        Permission: **Any authenticated staff**

        Client calls this on startup to load dropdown values and session management settings.
        - `roles` excludes `OWNER` (not creatable via UI).
        - `session_expiry_seconds` — client must force logout when exceeded.
      tags: [staffManagement]
      responses:
        "200":
          description: Config values — DTO returned directly
          content:
            application/json:
              schema:
                $ref: "../components.yaml#/components/schemas/GetConfigResponse"
              example:
                roles: ["ADMIN", "STAFF"]
                statuses: ["active", "inactive", "locked"]
                session_expiry_seconds: 3600
        "400":
          $ref: "../components.yaml#/components/responses/ClientError"
        "500":
          $ref: "../components.yaml#/components/responses/ServerError"