"use strict";
// Compiled CommonJS output (see the sourceMappingURL comment at the end of
// the file): role-based access-control middleware in (req, res, next) form.
Object.defineProperty(exports, "__esModule", { value: true });
// Both exports are plain hoisted function declarations defined below, so the
// statement order emitted here (exports first, requires after) is kept as-is.
exports.requireRole = requireRole;
exports.requireNonTemp = requireNonTemp;
// Only `UserRole.TEMP` is read from this module (see requireNonTemp).
const client_1 = require("@prisma/client");
// `AppError(status, message, code)` is the error type thrown on 401/403.
const error_handler_1 = require("./error-handler");
/**
 * Builds a middleware that lets a request through only when the role on
 * `req.user` is one of `roles`.
 *
 * With no roles given, the returned middleware rejects every authenticated
 * request with 403 — it fails closed rather than open.
 *
 * `req.user` is not populated in this file; presumably an earlier
 * authentication step sets it — verify against the router wiring.
 *
 * @param {...string} roles - roles permitted to reach the next handler
 * @returns {(req: object, _res: object, next: Function) => void} middleware
 *   that calls `next()` when the role check passes
 * @throws {AppError} 401 `AUTH_REQUIRED` when `req.user` is falsy
 * @throws {AppError} 403 `FORBIDDEN` when `req.user.role` is not in `roles`
 */
function requireRole(...roles) {
  // Array#includes and Set#has both use SameValueZero, so membership is
  // unchanged; the set is built once per middleware instance.
  const allowed = new Set(roles);
  return function checkRole(req, _res, next) {
    const { user } = req;
    if (!user) {
      throw new error_handler_1.AppError(401, 'Authentication required', 'AUTH_REQUIRED');
    }
    if (!allowed.has(user.role)) {
      throw new error_handler_1.AppError(403, 'Insufficient permissions', 'FORBIDDEN');
    }
    next();
  };
}
/**
 * Middleware that blocks temporary accounts (`UserRole.TEMP`) and passes
 * every other authenticated principal to the next handler.
 *
 * NOTE(review): only an exact match on `UserRole.TEMP` is rejected, so a
 * `req.user` with no `role` at all passes through — confirm upstream always
 * sets `role` before relying on this check.
 *
 * @param {object} req - request; `req.user` is expected to be set by an
 *   earlier authentication step (not done in this file)
 * @param {object} _res - unused
 * @param {Function} next - called when the account is not temporary
 * @throws {AppError} 401 `AUTH_REQUIRED` when `req.user` is falsy
 * @throws {AppError} 403 `TEMP_FORBIDDEN` when the role is `UserRole.TEMP`
 */
function requireNonTemp(req, _res, next) {
  const { user } = req;
  if (!user) {
    throw new error_handler_1.AppError(401, 'Authentication required', 'AUTH_REQUIRED');
  }
  const isTemporary = user.role === client_1.UserRole.TEMP;
  if (isTemporary) {
    throw new error_handler_1.AppError(403, 'Temporary accounts cannot access this resource', 'TEMP_FORBIDDEN');
  }
  next();
}
//# sourceMappingURL=rbac.middleware.js.map