"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requirePermission = requirePermission;
const AbilityFactory_1 = require("../../infrastructure/casl/AbilityFactory");

/**
 * Creates a role-based access-control middleware for one (action, subject) pair.
 *
 * The returned middleware uses the (req, res, next) signature and:
 *   - answers 401 when `req.user` is falsy;
 *   - answers 403 when the ability built from `req.user.role` does not allow
 *     `action` on `subject`;
 *   - calls `next()` only when the ability check passes.
 *
 * NOTE(review): this relies on `req.user` having been set by an earlier,
 * trusted authentication step. Nothing here validates where `req.user` or its
 * `role` came from, so confirm the route wiring.
 * NOTE(review): `subject` is handed to `can()` exactly as given. Presumably a
 * subject type name, which would make this a type-level check rather than a
 * per-record ownership check. Verify against callers.
 *
 * @param {*} action - Action forwarded to `ability.can`.
 * @param {*} subject - Subject forwarded to `ability.can`.
 * @returns {Function} Middleware named `rbacMiddleware`.
 */
function requirePermission(action, subject) {
  return function rbacMiddleware(req, res, next) {
    const principal = req.user;

    if (!principal) {
      // No principal on the request: reject before any ability is built.
      res.status(401).json({ error: 'Unauthorized' });
    } else {
      // The ability is derived from the role alone; no other user field is read.
      const buildAbility = AbilityFactory_1.defineAbilityFor;
      const isAllowed = buildAbility(principal.role).can(action, subject);

      if (isAllowed) {
        // Only path that lets the request continue down the chain.
        next();
      } else {
        // The message interpolates the middleware's own arguments, not request data.
        res.status(403).json({
          error: 'Forbidden',
          message: `You do not have permission to ${action} ${subject}`,
        });
      }
    }
  };
}