helpyourneighbour/backend/middleware/role.middleware.js

// Role-based access control middleware
const requireRole = (requiredRoles) => {
  return (req, res, next) => {
    // Check if user is authenticated
    if (!req.user) {
      return res.status(401).json({ 
        error: 'Authentication required' 
      });
    }

    // Check if user has the required role
    const userRole = req.user.role;
    
    if (requiredRoles.includes(userRole)) {
      // User has the required role, allow access
      next();
    } else {
      // User does not have the required role, deny access
      return res.status(403).json({ 
        error: 'Insufficient permissions' 
      });
    }
  };
};

export { requireRole };
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`// Role-based access control middleware`
			`const requireRole = (requiredRoles) => {`
feat: Implement role-based access control middleware and update documentation 2026-03-16 03:06:38 +00:00			`return (req, res, next) => {`
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`// Check if user is authenticated`
			`if (!req.user) {`
			`return res.status(401).json({`
			`error: 'Authentication required'`
			`});`
feat: Implement role-based access control middleware and update documentation 2026-03-16 03:06:38 +00:00			`}`
feat: Add role middleware and update permissions documentation 2026-03-16 07:06:43 +00:00
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`// Check if user has the required role`
			`const userRole = req.user.role;`

feat: Add role middleware and update permissions documentation 2026-03-16 07:06:43 +00:00			`if (requiredRoles.includes(userRole)) {`
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`// User has the required role, allow access`
			`next();`
feat: Add role middleware and update permissions documentation 2026-03-16 07:06:43 +00:00			`} else {`
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`// User does not have the required role, deny access`
			`return res.status(403).json({`
			`error: 'Insufficient permissions'`
			`});`
feat: Implement role-based access control middleware and update documentation 2026-03-16 03:06:38 +00:00			`}`
			`};`
feat: Implement role-based access control middleware and tests 2026-03-17 10:09:15 +00:00			`};`

feat: Add role-based access control tests and fix middleware export This commit adds comprehensive unit tests for the role-based access control middleware and fixes the ES module export issue. The tests verify that users with correct roles can access protected routes, while users with incorrect roles or no authentication are properly denied access. 2026-03-17 19:07:03 +00:00			`export { requireRole };`