2026-03-15 21:07:22 +00:00
|
|
|
// middleware/requireRole.js
|
2026-03-15 22:06:51 +00:00
|
|
|
const requireRole = (allowedRoles) => {
|
2026-03-15 20:07:14 +00:00
|
|
|
return (req, res, next) => {
|
2026-03-15 22:06:51 +00:00
|
|
|
const userRole = req.user?.role;
|
2026-03-15 20:07:14 +00:00
|
|
|
|
2026-03-15 22:06:51 +00:00
|
|
|
if (!userRole) {
|
|
|
|
|
return res.status(401).json({ error: 'Authorization required' });
|
2026-03-15 20:07:14 +00:00
|
|
|
}
|
2026-03-15 22:06:51 +00:00
|
|
|
|
|
|
|
|
if (!allowedRoles.includes(userRole)) {
|
|
|
|
|
return res.status(403).json({ error: 'Insufficient permissions' });
|
2026-03-15 20:07:14 +00:00
|
|
|
}
|
2026-03-15 22:06:51 +00:00
|
|
|
|
|
|
|
|
next();
|
2026-03-15 20:07:14 +00:00
|
|
|
};
|
2026-03-15 22:06:51 +00:00
|
|
|
};
|
2026-03-15 21:07:22 +00:00
|
|
|
|
|
|
|
|
module.exports = requireRole;
|
