gangbi_web/backend/middleware/checkPermission.js

const checkPermission = (requiredPermission) => {
  return (req, res, next) => {
    if (!req.admin) {
      return res.status(401).json({ message: '请先登录' });
    }

    if (req.admin.role === 'superadmin') {
      return next(); // 超级管理员拥有所有权限
    }

    // 添加默认权限映射
    const rolePermissions = {
      admin: [
        'game:manage',
        'category:manage',
        'media:manage',
        'message:manage'  // 添加消息管理权限
      ],
      editor: [
        'game:manage',
        'media:manage'
      ]
    };

    if (!req.admin.permissions.includes(requiredPermission) && 
        !(rolePermissions[req.admin.role] || []).includes(requiredPermission)) {
      return res.status(403).json({ message: '没有操作权限' });
    }

    next();
  };
};

module.exports = checkPermission;