"""
Authentication and Authorization Configuration
Fixed version with proper role handling
"""

from flask import jsonify
from flask_jwt_extended import verify_jwt_in_request, get_jwt
from functools import wraps

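def role_required(*allowed_roles):
    """
    Restrict a view to callers whose JWT 'role' claim is in *allowed_roles*.

    Usage: @role_required('admin', 'user', 'manager')

    The wrapped view runs only after the request's JWT has been verified and
    its 'role' claim matched against *allowed_roles*. The check fails closed:
    a token without a 'role' claim, or a decorator applied with no roles,
    results in 403.

    Responses produced by the decorator itself:
        401 -- verifying the JWT or reading its claims raised an exception
        403 -- the token verified but its role is not in *allowed_roles*

    Exceptions raised by the wrapped view are not caught here; they propagate
    to the caller unchanged.
    """
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            # Only the token check lives inside the try block. If the view
            # call were wrapped as well, every failure inside the handler
            # (including HTTP errors it raises on purpose) would be reported
            # as a 401 and the handler's exception text would be copied into
            # the response body.
            try:
                verify_jwt_in_request()
                claims = get_jwt()
            except Exception as e:
                print(f"[AUTH ERROR] {str(e)}")
                # NOTE(review): 'error' still echoes the exception text from
                # the JWT verification step. It is kept so existing clients
                # see the same response shape; consider a fixed message if
                # that text should not reach callers.
                return jsonify({
                    'message': 'Authentication failed',
                    'error': str(e)
                }), 401

            # A missing claim yields None, which never matches a role name.
            user_role = claims.get('role')

            # Debug logging (remove in production)
            print(f"[AUTH] User role: {user_role}, Allowed roles: {allowed_roles}")

            if user_role not in allowed_roles:
                return jsonify({
                    'message': 'Access forbidden: insufficient permissions',
                    'required_roles': list(allowed_roles),
                    'your_role': user_role
                }), 403

            # Authenticated and authorised: hand over to the view.
            return fn(*args, **kwargs)

        return wrapper
    return decorator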


def get_current_user():
    """
    Return the profile claims carried by the current request's JWT.

    Returns: dict with the keys user_id, name, email, role and image (a key
    maps to None when the token lacks that claim), or None when verifying
    the token or reading its claims raises.
    """
    # Claims copied out of the token, in the order they appear in the result.
    profile_keys = ('user_id', 'name', 'email', 'role', 'image')
    try:
        verify_jwt_in_request()
        token_claims = get_jwt()
        return {key: token_claims.get(key) for key in profile_keys}
    except Exception as e:
        # Best effort by contract: any failure is logged and reported as
        # "no current user" instead of being raised.
        print(f"[GET_USER ERROR] {str(e)}")
        return None