import { Request, Response, NextFunction } from 'express'; const roleHierarchy: Record = { user: 1, secretary: 2, clinical_manager: 3, finance: 3, partner_admin: 4, admin: 5, super_admin: 10, }; export function authorize(roles: string[]) { return (req: Request, res: Response, next: NextFunction) => { if (!req.user || !roles.includes(req.user.role)) { return res.status(403).json({ error: 'Acesso negado' }); } next(); }; } export function minRole(role: string) { return (req: Request, res: Response, next: NextFunction) => { const userRole = req.user?.role || 'user'; if (roleHierarchy[userRole] < roleHierarchy[role]) { return res.status(403).json({ error: 'Nível de privilégio insuficiente' }); } next(); }; }