const { sendError } = require("../utils/http");
/**
 * Build a role-based authorization middleware.
 *
 * The returned `(req, res, next)` handler lets the request continue only when
 * `req.user.role` is one of `allowedRoles`; otherwise it answers through
 * `sendError` and never calls `next()`.
 *
 * Security-relevant behaviour:
 * - A missing `req.user` yields 401; a user whose role is not listed yields 403.
 * - Fails closed: `requireRole()` with no roles rejects every request.
 * - Matching uses `Array.prototype.includes`, so it is exact and
 *   case-sensitive. An array passed as a single argument
 *   (`requireRole(["a", "b"])`) is not flattened and never matches a
 *   string role.
 * - `req.user` is not set here. NOTE(review): presumably an authentication
 *   middleware mounted earlier populates it from a verified session or token;
 *   confirm the role value never comes from client-controlled input.
 *
 * @param {...*} allowedRoles - Role values that are permitted to pass.
 * @returns {function(object, object, function): *} Middleware that returns
 *   whatever `sendError` returns on rejection and `undefined` after `next()`.
 */
function requireRole(...allowedRoles) {
  return function roleGuard(req, res, next) {
    // Authentication comes first: with no user there is no role to check.
    if (!req.user) {
      return sendError(res, 401, "Authentication required");
    }

    // Authorization: only an exact member of the allow-list may continue.
    const isPermitted = allowedRoles.includes(req.user.role);
    if (!isPermitted) {
      return sendError(res, 403, "Forbidden");
    }

    next();
  };
}
// CommonJS export: the module's value is the factory itself, so callers load
// it with `const requireRole = require(...)` rather than by destructuring.
module.exports = requireRole;