from functools import wraps
from flask import abort
from flask_login import current_user


def admin_required(f):
    """Restrict a view to authenticated users whose role is 'admin'.

    Anonymous callers and authenticated non-admin callers both receive
    HTTP 403; the wrapped view is never invoked for them. The check runs
    on every call and reads ``current_user`` at request time.

    NOTE: when stacked with a Flask route decorator, place this decorator
    below the route decorator so that the guarded wrapper, not the bare
    view, is what gets registered.
    """
    @wraps(f)
    def guarded_view(*args, **kwargs):
        # Authentication is tested first, so ``role`` is only read on an
        # authenticated user object.
        if not current_user.is_authenticated:
            abort(403)  # HTTP 403 Forbidden
        if current_user.role != 'admin':
            abort(403)  # HTTP 403 Forbidden
        return f(*args, **kwargs)

    return guarded_view


# === Corrected general-purpose permission decorator ===
def permission_required(*roles):
    """Build a decorator that admits only users whose role is in *roles*.

    Unauthenticated callers receive HTTP 401; authenticated callers whose
    ``current_user.role`` is not one of *roles* receive HTTP 403. The
    membership test is an exact equality match against each given role.

    Called with no roles, the decorator rejects every authenticated
    caller with 403, i.e. it fails closed.

    This is a decorator factory and must be called, e.g.
    ``@permission_required('admin')``. As with any view decorator, place
    it below a Flask route decorator so the guarded wrapper is the
    function that gets registered.
    """
    def apply_guard(f):
        @wraps(f)
        def guarded_view(*args, **kwargs):
            user = current_user
            if not user.is_authenticated:
                abort(401)  # Unauthorized
            if user.role not in roles:
                abort(403)  # Forbidden
            return f(*args, **kwargs)

        # Return the wrapper that carries the permission check, not ``f``
        # itself; returning ``f`` would leave the view unprotected.
        return guarded_view

    return apply_guard