import BaseMiddleware from './BaseMiddleware.js';
export default class FineAuthMiddleware extends BaseMiddleware {
  constructor({ getResourceOwnerId }){ super(); this.getResourceOwnerId=getResourceOwnerId; }
  middleware(){
    return (req,res,next)=>{
      if(req.user.role==='ADMIN') return next();
      if(req.user.userId===this.getResourceOwnerId(req)) return next();
      res.status(403).json({ error:'FORBIDDEN' });
    };
  }
}