marktvogt.de/backend/internal/middleware/role.go

package middleware

import (
	"github.com/gin-gonic/gin"

	"marktvogt.de/backend/internal/pkg/apierror"
)

func RequireRole(roles ...string) gin.HandlerFunc {
	allowed := make(map[string]struct{}, len(roles))
	for _, r := range roles {
		allowed[r] = struct{}{}
	}

	return func(c *gin.Context) {
		role, _ := c.Get("user_role")
		roleStr, _ := role.(string)

		if _, ok := allowed[roleStr]; !ok {
			apiErr := apierror.Forbidden("insufficient permissions")
			c.AbortWithStatusJSON(apiErr.Status, apierror.NewResponse(apiErr))
			return
		}
		c.Next()
	}
}