helpyourneighbour/backend/middleware/role.middleware.js

// Role-based access control middleware
const requireRole = (requiredRoles) => {
  return (req, res, next) => {
    // Check if user is authenticated
    if (!req.user) {
      return res.status(401).json({ 
        error: 'Authentication required' 
      });
    }

    // Check if user has the required role
    const userRole = req.user.role;
    
    if (requiredRoles.includes(userRole)) {
      // User has the required role, allow access
      next();
    } else {
      // User does not have the required role, deny access
      return res.status(403).json({ 
        error: 'Insufficient permissions' 
      });
    }
  };
};

export { requireRole };