const response = require('../utils/responseHandler')

module.exports = (role) => async (req, res, next) => {
  const user = req.user

  if (
    (typeof role == 'number' && user.role.id !== role) ||
    (typeof role == 'object' && !role.includes(user.role.id))
  ) {
    return response.error(res, {
      message: 'Forbidden',
      code: 403,
    })
  }

  next()
}