helpyourneighbour/backend/middleware/role.middleware.cjs

// Role-based access control middleware
const requireRole = (requiredRoles) => {
  return (req, res, next) => {
    // Check if user is authenticated
    if (!req.user) {
      return res.status(401).json({ 
        error: 'Authentication required' 
      });
    }

    // Check if user has the required role
    const userRole = req.user.role;
    
    if (!userRole || !requiredRoles.includes(userRole)) {
      // User does not have the required role, deny access
      return res.status(403).json({ 
        error: 'Insufficient permissions' 
      });
    }
    
    // User has the required role, allow access
    next();
  };
};

module.exports = { requireRole };
feat: Add role-based access control middleware and tests 2026-03-17 22:08:53 +00:00			`// Role-based access control middleware`
			`const requireRole = (requiredRoles) => {`
			`return (req, res, next) => {`
			`// Check if user is authenticated`
			`if (!req.user) {`
			`return res.status(401).json({`
			`error: 'Authentication required'`
			`});`
			`}`

			`// Check if user has the required role`
			`const userRole = req.user.role;`

			`if (!userRole \|\| !requiredRoles.includes(userRole)) {`
			`// User does not have the required role, deny access`
			`return res.status(403).json({`
			`error: 'Insufficient permissions'`
			`});`
			`}`

			`// User has the required role, allow access`
			`next();`
			`};`
			`};`

			`module.exports = { requireRole };`