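import * as express from "express";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
import { RequestWithUser } from "./user";

/**
 * Builds an Express middleware that lets a request through only when
 * `req.user.role` includes the required role.
 *
 * The check reads `req.user`, so this middleware has to run after whatever
 * populates that property. A request that arrives without `user` or without
 * `role` is rejected with the same FORBIDDEN error as a request holding the
 * wrong role.
 *
 * @param role - Role the caller must hold.
 * @param errorMessage - Message carried by the FORBIDDEN error. The default is
 *   Thai for "You do not have permission to access this resource".
 * @returns A middleware that calls `next()` when the role check passes.
 * @throws HttpError with `HttpStatus.FORBIDDEN` when the role check fails or
 *   the request carries no user/role information.
 */
export function authRole(role: string, errorMessage = "คุณไม่มีสิทธิในการเข้าถึงทรัพยากรดังกล่าว") {
  return (req: RequestWithUser, _res: express.Response, next: express.NextFunction) => {
    // Fail closed: without the optional chaining a missing `req.user` (for
    // example, the authentication middleware was not mounted on this route)
    // raises a TypeError instead of the intended FORBIDDEN HttpError.
    //
    // NOTE(review): the type of `req.user.role` is declared in ./user and is
    // not visible here. If it is a plain string rather than an array of role
    // names, `includes` is a substring test, so a role whose name merely
    // contains `role` would also pass. Confirm it is an array, or switch to an
    // exact comparison.
    const allowed = req.user?.role?.includes(role) === true;
    if (!allowed) {
      throw new HttpError(HttpStatus.FORBIDDEN, errorMessage);
    }
    next();
  };
}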