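from functools import wraps

from flask import request, jsonify
from sqlalchemy import select

from ..db.model import User, Session, db


def requires_role(roles=None):
    """Decorate a Flask view so it requires a valid session and, optionally, a role.

    Args:
        roles: Accepted values for ``user.role``. ``None`` or an empty
            collection means any authenticated user may call the view. A
            bare string is treated as a single role, not as a sequence of
            characters (``"admin"`` must not match ``"adm"``).

    Returns:
        A decorator that wraps the view. The wrapper responds with a JSON
        error and 401 when the ``Authorization`` header is missing or
        malformed, or when the session or its user cannot be found, and
        with 403 when the user's role is not one of *roles*; otherwise it
        calls the view with the original arguments.
    """
    # Normalise once, at decoration time, so the per-request path does a
    # plain membership test. The original ``roles=[]`` default was a shared
    # mutable object, and a str argument would have made ``user.role in
    # roles`` a substring check instead of an exact role match.
    if roles is None:
        roles = ()
    elif isinstance(roles, str):
        roles = (roles,)
    else:
        roles = tuple(roles)

    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            auth_header = request.headers.get('Authorization')
            if not auth_header:
                return jsonify({'error': 'No authorization header sent'}), 401
            # Expect "<scheme> <session key>"; only the second token is used.
            # The scheme itself is not validated here — a ``Bearer`` check
            # would be a reasonable addition but is not implied by the page.
            # An empty second token ("Bearer ") is rejected up front rather
            # than being sent to the database as an empty key.
            parts = auth_header.split(' ')
            if len(parts) < 2 or not parts[1]:
                return jsonify({'error': 'Invalid authorization header format'}), 401
            session_key = parts[1]
            # NOTE(review): the select() statement was lost from this
            # listing — execute() is called with no statement, which raises
            # TypeError at request time. It presumably looked the session up
            # by ``session_key`` (``select(Session).where(<key column> ==
            # session_key)``) and must reduce the Result, e.g. with
            # ``.scalar_one_or_none()``; a raw Result object is always truthy,
            # so the ``if not session`` guard below would never fire. Any
            # expiry check implied by the error message belongs there too.
            session = db.session.execute(
            )
            if not session:
                return jsonify({'error': 'Invalid or expired session'}), 401
            user = User.query.get(session.userID)
            if not user:
                return jsonify({'error': 'User not found'}), 401
            # No roles configured: any authenticated user may proceed.
            # Otherwise the user's single role must be one of the accepted ones.
            if not roles or user.role in roles:
                return f(*args, **kwargs)
            return jsonify({'error': 'Insufficient permissions'}), 403
        return decorated_function
    return decorator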