from fastapi import Depends, status
from api.deps.auth_dependency import get_current_user
from response import errorRes

def require_role(required_role: str):
    """
    Return a dependency function that ensures the current user has a specific role.
    Example usage:
        @router.get("/admin", dependencies=[Depends(require_role("admin"))])
    """
    async def role_checker(user = Depends(get_current_user)):
        if user.role != required_role:
            raise errorRes(
                status_code=status.HTTP_403_FORBIDDEN,
                message="Access denied",
                detail=f"Access denied: requires role '{required_role}'",
            )
        return user

    return role_checker