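/**
 * Build an Express-style middleware that lets a request continue only when
 * the authenticated user's role is on the allow-list.
 *
 * Roles are passed as separate arguments, e.g. `requireRole("admin", "editor")`.
 * Membership is tested with `Array.prototype.includes`, so an array passed as a
 * single argument never matches a string role.
 *
 * The middleware reads `req.user`, which it expects an earlier authentication
 * step to have set; it does not authenticate the request itself.
 *
 * @param {...*} allowedRoles - Roles permitted to reach the next handler.
 * @returns {Function} Middleware `(req, res, next)` that answers 401 when
 *   `req.user` is missing, 403 when the role is absent or not allowed, and
 *   otherwise calls `next()`.
 */
function requireRole(...allowedRoles) {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ message: "Authentication required" });
    }

    const { role } = req.user;

    // Fail closed on a missing role. Without this guard, an allow-list that
    // accidentally contains `undefined` or `null` (for example a misspelled
    // role constant passed to requireRole) would match every user whose
    // `role` field is unset, because `[undefined].includes(undefined)` is true.
    if (role == null || !allowedRoles.includes(role)) {
      return res.status(403).json({ message: "Forbidden" });
    }

    next();
  };
}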
// Export the middleware factory as this CommonJS module's sole export.
module.exports = requireRole;