update: verifyRole

middleware/verifyAdmin.js

@@ -1,14 +0,0 @@
-const { ErrorHandler } = require("../helpers/error");
-
-module.exports = (req, res, next) => {
-  const { roles } = req.user;
-  if (roles && roles.includes("admin")) {
-    req.user = {
-      ...req.user,
-      roles,
-    };
-    return next();
-  } else {
-    throw new ErrorHandler(401, "require admin role");
-  }
-};

middleware/verifyRole.js

@@ -0,0 +1,28 @@
+const { ErrorHandler } = require("../helpers/error");
+
+const verifyRole = (allowedRoles) => {
+  return (req, res, next) => {
+    try {
+      const user = req.user;
+
+      if (!user) {
+        throw new ErrorHandler(401, "Unauthorized: User not found");
+      }
+
+      // Super Admin bypass semua role
+      if (user.is_sa) {
+        return next();
+      }
+
+      if (!allowedRoles.includes(user.role_id)) {
+        throw new ErrorHandler(403, "Forbidden: Access denied");
+      }
+
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+};
+
+module.exports = verifyRole;