"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.requireRole = requireRole; const authHelpers_1 = require("./authHelpers"); const ROLE_RANK = { OWNER: 3, MANAGER: 2, AGENT: 1, }; /** * Requires the authenticated employee to have at least `minimumRole`. * Must be applied after `requireCompanyAuth`. */ function requireRole(minimumRole) { return (req, res, next) => { const employee = req.employee; if (!employee) return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Authentication required'); const employeeRank = ROLE_RANK[employee.role] ?? 0; const requiredRank = ROLE_RANK[minimumRole] ?? 99; if (employeeRank < requiredRank) { return (0, authHelpers_1.sendForbidden)(res, 'forbidden', `This action requires the ${minimumRole} role or higher`, { requiredRole: minimumRole, yourRole: employee.role, }); } next(); }; } //# sourceMappingURL=requireRole.js.map