// Role-based access control middleware
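/**
 * Role-based access control middleware factory.
 *
 * @param {string|string[]} requiredRoles - Role name(s) that are allowed through.
 *   A single string is wrapped into a one-element list so that the membership
 *   test is always an exact match; passing a bare string to the previous
 *   `requiredRoles.includes(userRole)` hit `String.prototype.includes` and
 *   accepted any role that was a substring of the required one.
 * @returns {(req: object, res: object, next: Function) => void} Express-style
 *   middleware that responds 401 when `req.user` is absent, 403 when
 *   `req.user.role` is missing or not among `requiredRoles`, and otherwise
 *   calls `next()`.
 */
const requireRole = (requiredRoles) => {
  // Normalise once at construction time, not per request: a Set gives an
  // exact-match lookup regardless of whether the caller passed a string or an array.
  const allowedRoles = new Set(
    Array.isArray(requiredRoles) ? requiredRoles : [requiredRoles]
  );

  return (req, res, next) => {
    // No authenticated principal on the request: authentication failure (401),
    // distinct from an authorization failure below.
    if (!req.user) {
      return res.status(401).json({
        error: 'Authentication required'
      });
    }

    // Authenticated but the role is missing or not allowed: deny without
    // echoing which roles would have qualified.
    const userRole = req.user.role;
    if (!userRole || !allowedRoles.has(userRole)) {
      return res.status(403).json({
        error: 'Insufficient permissions'
      });
    }

    // Role accepted; hand off to the protected handler.
    next();
  };
};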
// CommonJS export of the middleware factory; this is the module's only public name.
module.exports = { requireRole };