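'use strict';

/**
 * Role constants and the Express authorization middleware built on them.
 *
 * Roles are ordered by a numeric level: a route guarded with `hasRole(r)` admits
 * any session user whose role level is >= the level of `r`. Both tables are
 * frozen so nothing later in the process can quietly add, remove or reorder
 * roles (the tables are module-level, mutable state otherwise).
 */
const ROLES = Object.freeze({
  SUPERVISOR: 'supervisor',
  ADMIN: 'admin',
  USER: 'user',
});

// Higher number = more privilege. Only own keys of this table are valid roles.
const HIERARCHY = Object.freeze({
  [ROLES.SUPERVISOR]: 100,
  [ROLES.ADMIN]: 50,
  [ROLES.USER]: 10,
});

/**
 * Resolve a role name to its level, or `undefined` when it is not a known role.
 *
 * Uses an own-property check so names inherited from Object.prototype
 * ("constructor", "toString", "__proto__", ...) never resolve to a value, and
 * rejects non-string input so that e.g. an array is not coerced into a role name
 * (`HIERARCHY[['admin']]` would otherwise read as 'admin').
 */
const levelOf = (role) => {
  if (typeof role !== 'string') {
    return undefined;
  }
  return Object.prototype.hasOwnProperty.call(HIERARCHY, role) ? HIERARCHY[role] : undefined;
};

/** True when the request carries a session with a user attached. */
const hasSessionUser = (req) => Boolean(req && req.session && req.session.user);

/**
 * Express middleware: let only authenticated requests through.
 *
 * Authentication here means `req.session.user` is set (a server-side session,
 * populated elsewhere). Responds 401 JSON otherwise. Performs no role check —
 * combine with `hasRole` for that.
 */
const isAuthenticated = (req, res, next) => {
  if (hasSessionUser(req)) {
    return next();
  }
  return res.status(401).json({ success: false, message: 'Unauthorized' });
};

/**
 * Build middleware requiring the session user's role to be at least
 * `requiredRole` in HIERARCHY.
 *
 * Fails closed on both sides:
 *  - an unknown `requiredRole` (e.g. a typo in a route definition) makes the
 *    route unreachable for everyone (403) rather than open;
 *  - a session role that is missing, non-string, or not in HIERARCHY is
 *    treated as level 0 and gets 403.
 *
 * @param {string} requiredRole - one of the ROLES values
 * @returns {(req, res, next) => any} Express middleware: 401 when there is no
 *   session user, 403 when the role level is insufficient, otherwise `next()`.
 */
const hasRole = (requiredRole) => {
  // Resolved once at construction; Infinity (not a finite sentinel) guarantees
  // no real level can ever satisfy an unknown required role.
  const resolved = levelOf(requiredRole);
  const requiredLevel = resolved === undefined ? Infinity : resolved;

  return (req, res, next) => {
    if (!hasSessionUser(req)) {
      return res.status(401).json({ success: false, message: 'Unauthorized' });
    }
    const userLevelOrUndefined = levelOf(req.session.user.role);
    const userLevel = userLevelOrUndefined === undefined ? 0 : userLevelOrUndefined;
    if (userLevel >= requiredLevel) {
      return next();
    }
    return res.status(403).json({ success: false, message: 'Forbidden: Insufficient permissions' });
  };
};

module.exports = { isAuthenticated, hasRole, ROLES };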