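# api/__init__.py
from functools import wraps

from flask import jsonify, session


def require_auth(roles=None):
    """Restrict a Flask view to callers whose session role is in ``roles``.

    The caller's identity is read from ``session['user']``. A missing or
    empty user yields ``401``; a user whose ``role`` is not in ``roles``
    yields ``403``. ``roles`` defaults to *no* roles, so ``@require_auth()``
    with no arguments denies every caller (deny by default) -- the same
    behaviour the previous ``roles=[]`` default had.

    NOTE(review): ``session`` is Flask's signed cookie session, so this
    check is only as trustworthy as the app's ``SECRET_KEY`` and whatever
    login code populates ``session['user']`` -- confirm both elsewhere.

    Args:
        roles: iterable of role names allowed to call the view. ``None``
            (the default) means no role is allowed.

    Returns:
        A decorator; the wrapped view returns ``(jsonify(...), status)``
        on rejection and the view's own result otherwise.
    """
    # Snapshot the roles at decoration time. This avoids the mutable
    # default-argument pitfall and means a caller mutating its list after
    # decoration cannot silently widen access. A tuple (not a set) keeps
    # membership working even if a stored role is unhashable.
    allowed = tuple(roles) if roles is not None else ()

    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            user = session.get('user')
            if not user:
                return jsonify({"error": "Unauthorized"}), 401
            # A malformed session payload (non-dict user) is treated as
            # "no role" and rejected with 403 instead of raising
            # AttributeError and surfacing as a 500.
            role = user.get('role') if isinstance(user, dict) else None
            if role not in allowed:
                return jsonify({"error": "Forbidden, permission denied"}), 403
            return func(*args, **kwargs)
        return wrapper
    return decorator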