import { Request, Response, NextFunction } from 'express';
import { Role } from '@prisma/client';

/**
 * Builds an Express middleware that lets a request continue only when the
 * caller's role is one of `allowed`.
 *
 * Responses produced by the returned middleware:
 * - 401 `{ success: false, error: 'Unauthorized' }` when `req.user` is falsy.
 * - 403 `{ success: false, error: 'Forbidden' }` when `req.user.role` is not
 *   in `allowed`.
 * - otherwise `next()` is called and no response is written here.
 *
 * The check fails closed: calling `requireRoles()` with no roles yields a
 * middleware that rejects every authenticated user with 403.
 *
 * NOTE(review): this guard trusts `req.user.role` as-is. It presumably relies
 * on an earlier authentication middleware to populate `req.user` from a
 * verified session or token; that code is not visible here, so confirm the
 * guard is always mounted after it and that `role` is never taken from
 * client-controlled input.
 *
 * @param allowed Roles permitted to reach the downstream handler.
 * @returns An Express request handler enforcing the role check.
 */
export function requireRoles(...allowed: Role[]) {
  return (req: Request, res: Response, next: NextFunction) => {
    const principal = req.user;

    // Happy path first: authenticated and holding one of the permitted roles.
    if (principal && allowed.includes(principal.role)) {
      next();
      return;
    }

    // Distinguish "not authenticated" (401) from "authenticated but not
    // permitted" (403) so clients can tell a missing login from a denied one.
    const status = principal ? 403 : 401;
    const error = principal ? 'Forbidden' : 'Unauthorized';
    res.status(status).json({ success: false, error });
  };
}

// Pre-built guards for the role combinations used by route definitions.
// Each is an independent middleware instance created once at module load.

/** Admits only users whose role is `Role.MD`. */
export const requireMd = requireRoles(Role.MD);

/** Admits only users whose role is `Role.LEGAL_OFFICER`. */
export const requireLegal = requireRoles(Role.LEGAL_OFFICER);

/** Admits users whose role is either `Role.MD` or `Role.LEGAL_OFFICER`. */
export const requireMdOrLegal = requireRoles(Role.MD, Role.LEGAL_OFFICER);
