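/**
 * Express-style middleware that restricts portal-scoped API routes to callers
 * whose token role equals the portal name.
 *
 * For a path shaped like /api/v1/<portal>/..., the <portal> segment is compared
 * with req.tokenPayload.role. On a mismatch, including a missing payload, the
 * request is answered with HTTP 403 and a JSON error body. Every other path is
 * handed to next() without a role check.
 *
 * @param {object} req - Request; reads req.path and req.tokenPayload.
 * @param {object} res - Response; used only to send the 403 answer.
 * @param {Function} next - Called when the request is allowed through.
 * @returns {*} The result of res.json() on denial, otherwise undefined.
 */
module.exports = function (req, res, next) {
  // The `i` flag makes the prefix match case-insensitive. Without it, a path
  // such as /API/v1/<portal>/... skips the role check entirely, which is a
  // bypass wherever the router matches paths case-insensitively (Express's
  // default). The captured portal segment is still compared exactly, so a
  // differently-cased portal name is denied rather than allowed.
  //
  // NOTE(review): paths that do not match are passed through unchecked. That
  // includes a portal root with no trailing slash (/api/v1/<portal>) and portal
  // segments containing characters outside \w, such as a hyphen. Confirm no
  // protected handler is reachable at such paths, or enforce a default-deny
  // rule elsewhere.
  const match = req.path.match(/^\/api\/v1\/(\w+)\//i);

  if (match) {
    const portal = match[1];
    // NOTE(review): presumably tokenPayload is set by an earlier authentication
    // middleware from a verified token; confirm the ordering. When it is
    // absent, userRole is falsy and the request is denied below.
    const userRole = req.tokenPayload && req.tokenPayload.role;

    if (userRole !== portal) {
      return res.status(403).json({
        success: false,
        error: `Access denied. Role '${userRole}' does not match portal '${portal}'.`,
      });
    }
  }

  next();
};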