import { ALLOWED_ROLES } from '../CONSTANTS.js'
import { getUserFromRequest } from '../helpers/index.js'

export default async function permissionHandler (req, res, next) {
  const { role } = getUserFromRequest(req)

  if (ALLOWED_ROLES.indexOf(role) === -1) {
    res.status(400).json({
      status: 'WARNING',
      code: 'NOT_ALLOWED'
    })

    return
  }

  return next()
}