from functools import wraps
from flask import redirect, url_for, flash
from flask_login import current_user

def requires_roles(*roles):
    """
    Decorator to restrict access to endpoints based on user roles.
    """
    def wrapper(f):
        @wraps(f)
        def wrapped(*args, **kwargs):
            if not current_user.is_authenticated:
                return redirect(url_for('auth.login'))
            if current_user.role not in roles:
                flash("You do not have permission to access this page.", "danger")
                return redirect(url_for('dashboard.index'))
            return f(*args, **kwargs)
        return wrapped
    return wrapper