"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.requireCompanyPolicy = requireCompanyPolicy; const authHelpers_1 = require("./authHelpers"); const companyPolicy_1 = require("../security/policies/companyPolicy"); function requireCompanyPolicy(action) { return (req, res, next) => { const employee = req.employee; if (!employee) return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Authentication required'); const allowedRoles = companyPolicy_1.CompanyPolicy[action]; if (!allowedRoles.includes(employee.role)) { return (0, authHelpers_1.sendForbidden)(res, 'forbidden', 'You do not have permission to perform this action', { action, allowedRoles, yourRole: employee.role, }); } next(); }; } //# sourceMappingURL=requireCompanyPolicy.js.map