From 1cadf8c69daff9c7fcdefce40fae06a95e72ad6f Mon Sep 17 00:00:00 2001
From: Antony Kurniawan
Date: Wed, 1 Oct 2025 10:18:32 +0700
Subject: [PATCH] update: verifyRole

---
 middleware/verifyAdmin.js | 14 --------------
 middleware/verifyRole.js | 28 ++++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 14 deletions(-)
 delete mode 100644 middleware/verifyAdmin.js
 create mode 100644 middleware/verifyRole.js

diff --git a/middleware/verifyAdmin.js b/middleware/verifyAdmin.js
deleted file mode 100644
index 4a04109..0000000
--- a/middleware/verifyAdmin.js
+++ /dev/null
@@ -1,14 +0,0 @@
-const { ErrorHandler } = require("../helpers/error");
-
-module.exports = (req, res, next) => {
- const { roles } = req.user;
- if (roles && roles.includes("admin")) {
- req.user = {
- ...req.user,
- roles,
- };
- return next();
- } else {
- throw new ErrorHandler(401, "require admin role");
- }
-};
diff --git a/middleware/verifyRole.js b/middleware/verifyRole.js
new file mode 100644
index 0000000..2bdfdb9
--- /dev/null
+++ b/middleware/verifyRole.js
@@ -0,0 +1,28 @@
+const { ErrorHandler } = require("../helpers/error");
+
+const verifyRole = (allowedRoles) => {
+ return (req, res, next) => {
+ try {
+ const user = req.user;
+
+ if (!user) {
+ throw new ErrorHandler(401, "Unauthorized: User not found");
+ }
+
+ // Super Admin bypass semua role
+ if (user.is_sa) {
+ return next();
+ }
+
+ if (!allowedRoles.includes(user.role_id)) {
+ throw new ErrorHandler(403, "Forbidden: Access denied");
+ }
+
+ next();
+ } catch (err) {
+ next(err);
+ }
+ };
+};
+
+module.exports = verifyRole;
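Review bot: The super-admin bypass at `if (user.is_sa)` is a truthiness check, so any non-empty value of `is_sa` (for example the string "false" or "0" if the flag ever arrives as text from a token or a DB row) grants unrestricted access; where req.user is populated is not visible in this patch, so the strict form `if (user.is_sa === true) {` is the safer gate. The role check `allowedRoles.includes(user.role_id)` also assumes the factory always receives an array: a single role passed as a string would turn `includes` into a substring test, so normalizing once in the factory with `const allowed = new Set(Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles]);` and checking `if (!allowed.has(user.role_id)) {` keeps the middleware fail-closed. The inline comment is in Indonesian; an English JSDoc on verifyRole stating that it takes an array of role ids, that a user whose `is_sa` is true bypasses the list, and that it forwards a 401 ErrorHandler when req.user is absent and a 403 when the role is not allowed would document the contract for route authors.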