"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireRole = requireRole;
exports.requireNonTemp = requireNonTemp;
const client_1 = require("@prisma/client");
const error_handler_1 = require("./error-handler");

/**
 * Return the user attached to the request, or reject the request as
 * unauthenticated.
 *
 * NOTE(review): nothing in this file populates `req.user`; presumably an
 * authentication middleware mounted earlier does. Confirm that every route
 * using these guards runs that middleware first.
 *
 * @param {object} req - Incoming request object.
 * @returns {object} The truthy `req.user` value.
 * @throws {AppError} 401 `AUTH_REQUIRED` when `req.user` is falsy.
 */
function authenticatedUser(req) {
    const currentUser = req.user;
    if (currentUser) {
        return currentUser;
    }
    throw new error_handler_1.AppError(401, 'Authentication required', 'AUTH_REQUIRED');
}

/**
 * Build a middleware that admits only authenticated requests whose
 * `req.user.role` is one of the listed roles (an allow-list).
 *
 * The check fails closed: a role that is missing, or that is not listed
 * exactly, is rejected, and calling `requireRole()` with no roles rejects
 * every authenticated request.
 *
 * The guard throws synchronously instead of calling `next(err)`.
 * NOTE(review): this relies on the framework forwarding synchronous throws
 * to the error handler. Confirm for the router in use.
 *
 * @param {...string} roles - Roles allowed through the guard.
 * @returns {Function} Middleware `(req, _res, next)`.
 * @throws {AppError} 401 `AUTH_REQUIRED` when no user is attached;
 *   403 `FORBIDDEN` when the user's role is not in `roles`.
 */
function requireRole(...roles) {
    return (req, _res, next) => {
        const currentUser = authenticatedUser(req);
        const isAllowed = roles.includes(currentUser.role);
        if (isAllowed) {
            next();
            return;
        }
        throw new error_handler_1.AppError(403, 'Insufficient permissions', 'FORBIDDEN');
    };
}

/**
 * Middleware that blocks accounts whose role is `UserRole.TEMP`.
 *
 * This is a deny-list: every role value other than `UserRole.TEMP` is let
 * through, including a missing or unrecognised role.
 * NOTE(review): for sensitive routes, an explicit allow-list via
 * `requireRole(...)` fails closed if a new role is added later.
 *
 * @param {object} req - Incoming request object; `req.user.role` is checked.
 * @param {object} _res - Response object (unused).
 * @param {Function} next - Continuation called when the request is allowed.
 * @throws {AppError} 401 `AUTH_REQUIRED` when no user is attached;
 *   403 `TEMP_FORBIDDEN` when the user's role is `UserRole.TEMP`.
 */
function requireNonTemp(req, _res, next) {
    const currentUser = authenticatedUser(req);
    const isTemporary = currentUser.role === client_1.UserRole.TEMP;
    if (isTemporary) {
        throw new error_handler_1.AppError(403, 'Temporary accounts cannot access this resource', 'TEMP_FORBIDDEN');
    }
    next();
}
//# sourceMappingURL=rbac.middleware.js.map