57 lines
1.3 KiB
Go
57 lines
1.3 KiB
Go
// internal/middleware/role_middleware.go
|
|
package middleware
|
|
|
|
import (
|
|
"lost-and-found/internal/models"
|
|
"lost-and-found/internal/utils"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// RequireRole checks if user has required role
|
|
func RequireRole(allowedRoles ...string) gin.HandlerFunc {
|
|
return func(ctx *gin.Context) {
|
|
userObj, exists := ctx.Get("user")
|
|
if !exists {
|
|
utils.ErrorResponse(ctx, http.StatusUnauthorized, "Authentication required", "")
|
|
ctx.Abort()
|
|
return
|
|
}
|
|
|
|
user := userObj.(*models.User)
|
|
userRole := user.Role.Name
|
|
|
|
// Check if user has allowed role
|
|
hasRole := false
|
|
for _, role := range allowedRoles {
|
|
if userRole == role {
|
|
hasRole = true
|
|
break
|
|
}
|
|
}
|
|
|
|
if !hasRole {
|
|
utils.ErrorResponse(ctx, http.StatusForbidden, "Insufficient permissions", "")
|
|
ctx.Abort()
|
|
return
|
|
}
|
|
|
|
ctx.Next()
|
|
}
|
|
}
|
|
|
|
// RequireAdmin middleware (admin only)
|
|
func RequireAdmin() gin.HandlerFunc {
|
|
return RequireRole(models.RoleAdmin)
|
|
}
|
|
|
|
// RequireManager middleware (manager and admin)
|
|
func RequireManager() gin.HandlerFunc {
|
|
return RequireRole(models.RoleAdmin, models.RoleManager)
|
|
}
|
|
|
|
// RequireUser middleware (all authenticated users)
|
|
func RequireUser() gin.HandlerFunc {
|
|
return RequireRole(models.RoleAdmin, models.RoleManager, models.RoleUser)
|
|
} |