const { ErrorHandler } = require("../helpers/error");

const verifyRole = (allowedRoles) => {
  return (req, res, next) => {
    try {
      const user = req.user;

      if (!user) {
        throw new ErrorHandler(401, "Unauthorized: User not found");
      }

      // Super Admin bypass semua role
      if (user.is_sa) {
        return next();
      }

      if (!allowedRoles.includes(user.role_id)) {
        throw new ErrorHandler(403, "Forbidden: Access denied");
      }

      next();
    } catch (err) {
      next(err);
    }
  };
};

module.exports = verifyRole;