From 07ff86ee8252129602f0b62f74c94e10c73789f5 Mon Sep 17 00:00:00 2001
From: manoahLinks
Date: Wed, 2 Jul 2025 18:51:05 +0100
Subject: [PATCH] Restrict dashboard access based on user role
- Add roleGuard middleware to enforce role-based access control on dashboard routes
- Users can only access dashboard routes matching their assigned role
- Returns 403 Forbidden for unauthorized access attempts
Closes #362
---
 .../src/middleware/roleGuard.ts | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 land-registry-backend/src/middleware/roleGuard.ts
diff --git a/land-registry-backend/src/middleware/roleGuard.ts b/land-registry-backend/src/middleware/roleGuard.ts
new file mode 100644
index 00000000..f8bd86d1
--- /dev/null
+++ b/land-registry-backend/src/middleware/roleGuard.ts
@@ -0,0 +1,16 @@
+import { Request, Response, NextFunction } from "express";
+
+/**
+ * Middleware to restrict access to routes based on user role.
+ * Usage: app.use('/dashboard/owner', roleGuard(['owner']), ...)
+ */
+export function roleGuard(allowedRoles: string[]) {
+ return (req: Request, res: Response, next: NextFunction) => {
+ // Assumes req.user is set by authentication middleware (e.g., JWT)
+ const userRole = req.user?.role;
+ if (!userRole || !allowedRoles.includes(userRole)) {
+ return res.status(403).json({ message: "Forbidden: Insufficient role" });
+ }
+ next();
+ };
+}
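Review bot: An unauthenticated request (`req.user` undefined) is answered with 403 at the `if (!userRole || !allowedRoles.includes(userRole))` line, the same status as a wrong role, so clients and access logs cannot tell "not logged in" from "not permitted", and a guard accidentally mounted before the authentication middleware would fail closed with a misleading 403 on every request. Consider a separate check before the role comparison, `if (!req.user) { res.status(401).json({ message: "Unauthorized" }); return; }`, and keep 403 for the role mismatch. `req.user` is not a property of express's `Request` type unless the project augments `Express.Request` (as passport's typings do); if no such augmentation exists this will not compile under `strict`, and deriving the role type from that user type instead of `string[]` (ideally `readonly string[]`) would let the compiler catch a misspelled role in a route definition. The `return res.status(403).json(...)` form returns a `Response` from the handler; newer `@types/express` versions type handlers as returning `void`, so `res.status(403).json({ ... }); return;` is the more portable form. The doc comment could also state that matching is exact and case-sensitive with no role hierarchy, so an admin must be listed explicitly in `allowedRoles`.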