sip_huellas/api/app/middlewares/auth_middleware.py

from functools import wraps
from flask import request, jsonify
import jwt
import os

def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        # ⬇️ MOVE DE ACÁ LA IMPORTACIÓN DEL MODELO ⬇️
        from app.models.user import User 
        
        token = request.headers.get('Authorization')
        if not token:
            return jsonify({'message': 'Token faltante'}), 401
        try:
            token = token.split(" ")[1] if " " in token else token
            data = jwt.decode(token, os.environ.get('JWT_SECRET_KEY'), algorithms=["HS256"])
            current_user = User.query.get(data['user_id'])
        except Exception as e:
            return jsonify({'message': 'Token inválido o expirado'}), 401
        
        return f(current_user, *args, **kwargs)
    return decorated

def has_permission(required_permission):
    def decorator(f):
        @wraps(f)
        def decorated_function(current_user, *args, **kwargs):
            if not current_user.role or required_permission not in current_user.role.permissions:
                return jsonify({'message': 'No tenés permisos para realizar esta acción'}), 403
            return f(current_user, *args, **kwargs)
        return decorated_function
    return decorator