// Role-based access control middleware
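/**
 * Build an Express-style middleware that allows the request through only
 * when `req.user.role` is one of the allowed roles.
 *
 * @param {string[]|string} requiredRoles - Roles that may pass. A single
 *   role may be given as a bare string; it is treated as a one-element list.
 * @returns {(req: object, res: object, next: Function) => void} middleware
 *   that responds 401 when `req.user` is absent, 403 when the role does not
 *   match, and otherwise calls `next()`.
 */
const requireRole = (requiredRoles) => {
  // Normalize to an array up front. Passing a bare string used to reach
  // String.prototype.includes, which is a substring test: requireRole('admin')
  // would have accepted a user whose role is 'adm' or 'a'. Array membership
  // is an exact comparison, which is what an authorization check needs.
  const allowedRoles = Array.isArray(requiredRoles) ? requiredRoles : [requiredRoles];

  return (req, res, next) => {
    // Not authenticated at all: 401 rather than 403.
    if (!req.user) {
      return res.status(401).json({
        error: 'Authentication required'
      });
    }

    const userRole = req.user.role;

    // Deny by default: a missing role or one outside the allowed list is 403.
    if (!userRole || !allowedRoles.includes(userRole)) {
      return res.status(403).json({
        error: 'Insufficient permissions'
      });
    }

    // Authorized: hand off to the next handler.
    next();
  };
};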
// CommonJS export surface of this module: the middleware factory only.
module.exports = { requireRole: requireRole };