import { FastifyRequest, FastifyReply } from 'fastify';

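/** Roles the authorization layer knows about. */
type UserRole = 'ADMIN' | 'MANAGER' | 'AGENT' | 'OWNER' | 'VIEWER';

/**
 * Privilege level of each role; a larger number outranks a smaller one.
 * Level 0 is reserved by `requireRole` for "no recognised role".
 */
const ROLE_HIERARCHY: Record<UserRole, number> = {
  ADMIN: 5,
  MANAGER: 4,
  AGENT: 3,
  OWNER: 2,
  VIEWER: 1,
};

/**
 * Resolves a role name to its privilege level.
 *
 * Only own properties of `ROLE_HIERARCHY` are consulted. A plain property
 * read would also resolve inherited names such as `constructor` or
 * `__proto__` to truthy non-numeric values, and comparing those with a
 * number yields `NaN`, which makes a `<` check evaluate to false.
 *
 * @param role - Value to resolve; anything that is not a known role name is rejected.
 * @returns The numeric level, or `undefined` when the role is not recognised.
 */
function roleLevel(role: unknown): number | undefined {
  if (typeof role !== 'string') {
    return undefined;
  }
  if (!Object.prototype.hasOwnProperty.call(ROLE_HIERARCHY, role)) {
    return undefined;
  }
  const level = ROLE_HIERARCHY[role as UserRole];
  return Number.isFinite(level) ? level : undefined;
}

/**
 * Builds a Fastify handler that rejects requests whose user does not hold a
 * sufficient role.
 *
 * The listed roles define a minimum level: the lowest-ranked role in `roles`
 * is the threshold, and every role ranked at or above it is admitted.
 * NOTE(review): this means `requireRole('OWNER')` also admits AGENT, MANAGER
 * and ADMIN. Confirm that no route relies on an exact-role match.
 *
 * The guard fails closed: a missing user, an unrecognised user role, an empty
 * `roles` list, or an unrecognised entry in `roles` all produce a 403.
 *
 * `request.user` is read as-is; presumably an authentication hook that runs
 * earlier populates it from a verified credential (confirm at the call sites).
 *
 * @param roles - Roles that are allowed, interpreted as a minimum level.
 * @returns An async handler that sends a 403 response when access is denied
 *   and otherwise returns without touching the reply.
 */
export function requireRole(...roles: UserRole[]) {
  // The threshold depends only on `roles`, so it is computed once per guard
  // rather than on every request. It starts at +Infinity so that an empty list
  // denies everyone, which is what Math.min() with no arguments produced.
  let requiredLevel = Number.POSITIVE_INFINITY;
  for (const role of roles) {
    const level = roleLevel(role);
    if (level === undefined) {
      // An unknown required role is a configuration error. Deny everyone
      // instead of letting a NaN threshold wave every request through.
      requiredLevel = Number.POSITIVE_INFINITY;
      break;
    }
    requiredLevel = Math.min(requiredLevel, level);
  }

  return async (
    request: FastifyRequest & { user?: { role: UserRole } },
    reply: FastifyReply
  ) => {
    const userLevel = roleLevel(request.user?.role) ?? 0;

    // Written as a negated ">=" so that any non-comparable value denies access.
    if (!(userLevel >= requiredLevel)) {
      return reply.status(403).send({ error: 'Permisos insuficientes' });
    }
  };
}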