from fastapi import Depends
from modules.auth.security import get_current_user
from modules.auth.schemas import UserRole
from modules.auth.models import User
from core.exceptions import forbidden_exception


class RoleChecker:
    def __init__(self, allowed_roles: list[UserRole]):
        self.allowed_roles = allowed_roles

    def __call__(self, user: User = Depends(get_current_user)):
        if user.role not in self.allowed_roles:
            raise forbidden_exception(
                "You do not have permission to perform this action."
            )
        return user


admin_only = RoleChecker([UserRole.ADMIN])
any_user = RoleChecker([UserRole.ADMIN, UserRole.USER])