import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';

@Injectable()
export class AdminGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    
    // The FirebaseAuthGuard should run before this guard
    // and populate the request.user object
    if (!request.user) {
      throw new ForbiddenException('User not authenticated');
    }

    if (request.user.role !== 'admin') {
      throw new ForbiddenException('Requires admin privileges');
    }

    return true;
  }
}