// middlewares/checkRole.js
const responses = require('../helpers/responses');

module.exports = function(...allowedRoles) {
    return (req, res, next) => {
        if (!req.user) {
            return responses.failed(res, 401, 'Anda belum login');
        }

        if (!allowedRoles.includes(req.user.role)) {
            return responses.failed(res, 403, 'Anda tidak memiliki izin untuk mengakses resource ini');
        }

        next();
    };
};