# modules/auth/dependencies.py
from fastapi import Depends, HTTPException, status
from modules.auth.security import get_current_user
from modules.auth.schemas import UserRole
from modules.auth.models import User
from core.exceptions import forbidden_exception

class RoleChecker:
    def __init__(self, allowed_roles: list[UserRole]):
        self.allowed_roles = allowed_roles

    def __call__(self, user: User = Depends(get_current_user)):
        if user.role not in self.allowed_roles:
            raise forbidden_exception("You do not have permission to perform this action.")
        return user

admin_only = RoleChecker([UserRole.ADMIN])
any_user = RoleChecker([UserRole.ADMIN, UserRole.USER])