// middlewares/accessMiddleware.js

// 권한 레벨 정의
const ACCESS_LEVELS = {
  worker: 1,
  group_leader: 2,
  support_team: 3,
  admin: 4,
  system: 5
};

const requireAccess = (requiredLevel) => {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ error: '인증이 필요합니다.' });
    }

    const userLevel = ACCESS_LEVELS[req.user.access_level] || 0;
    const required = ACCESS_LEVELS[requiredLevel] || 999;

    if (userLevel < required) {
      return res.status(403).json({ 
        error: '접근 권한이 없습니다.',
        required: requiredLevel,
        current: req.user.access_level 
      });
    }

    next();
  };
};

module.exports = { requireAccess, ACCESS_LEVELS };