const checkAdminRole = (req, res, next) => {
  const roles = req.oidc.user['https://container-mom.com/roles'] || [];
  if (!roles.includes('admin')) {
    return res.status(403).json({ 
      error: 'Forbidden',
      details: 'Admin access required'
    });
  }
  next();
};

// Add a helper to check admin status without blocking
const isAdmin = (req) => {
  const roles = req.oidc.user['https://container-mom.com/roles'] || [];
  return roles.includes('admin');
};

module.exports = { 
  checkAdminRole,
  isAdmin
};