module.exports = function (req, res, next) {
  const match = req.path.match(/^\/api\/v1\/(\w+)\//);
  if (match) {
    const portal = match[1];
    const userRole = req.tokenPayload && req.tokenPayload.role;
    if (userRole !== portal) {
      return res.status(403).json({
        success: false,
        error: `Access denied. Role '${userRole}' does not match portal '${portal}'.`,
      });
    }
  }
  next();
};