hr_data_analyzer/middleware/user_permission.go

package middleware

import (
	"hr_receiver/models"
	"net/http"

	"github.com/gin-gonic/gin"
)

func RequireOperatorOrHigher() gin.HandlerFunc {
	return func(c *gin.Context) {
		roleValue, exists := c.Get("role")
		if !exists {
			c.JSON(http.StatusForbidden, gin.H{"error": "missing user role"})
			c.Abort()
			return
		}
		role, ok := roleValue.(models.UserRole)
		if !ok {
			c.JSON(http.StatusForbidden, gin.H{"error": "invalid user role"})
			c.Abort()
			return
		}
		if role != models.UserRoleOperator &&
			role != models.UserRoleRegionAdmin &&
			role != models.UserRoleSuperAdmin {
			c.JSON(http.StatusForbidden, gin.H{"error": "insufficient role permissions"})
			c.Abort()
			return
		}
		c.Next()
	}
}

func RequireStepTrainingAccess() gin.HandlerFunc {
	return func(c *gin.Context) {
		roleValue, exists := c.Get("role")
		if !exists {
			c.JSON(http.StatusForbidden, gin.H{"error": "missing user role"})
			c.Abort()
			return
		}
		role, ok := roleValue.(models.UserRole)
		if !ok {
			c.JSON(http.StatusForbidden, gin.H{"error": "invalid user role"})
			c.Abort()
			return
		}

		if role != models.UserRoleSuperAdmin &&
			role != models.UserRoleRegionAdmin &&
			role != models.UserRoleOperator {
			c.JSON(http.StatusForbidden, gin.H{"error": "insufficient role permissions"})
			c.Abort()
			return
		}
		if role == models.UserRoleSuperAdmin {
			c.Next()
			return
		}

		flavorValue, exists := c.Get("flavorType")
		if !exists {
			c.JSON(http.StatusForbidden, gin.H{"error": "missing user flavor"})
			c.Abort()
			return
		}
		flavorType, ok := flavorValue.(models.UserFlavorType)
		if !ok {
			c.JSON(http.StatusForbidden, gin.H{"error": "invalid user flavor"})
			c.Abort()
			return
		}

		if flavorType != models.UserFlavorAll &&
			flavorType != models.UserFlavorFlink {
			c.JSON(http.StatusForbidden, gin.H{"error": "insufficient flavor permissions"})
			c.Abort()
			return
		}

		c.Next()
	}
}