function sessionCheck(permission) {
    return (req, res, next) => {
        if (!req.session.user) {
            req.session.lastUrl = req.originalUrl;
            req.session.save(() => res.redirect("/login"));
        } else if (req.session.user.permissions < permission) {
            res.status(403);
            res.render("error", {message: "Permission denied !", "error": {}});
        } else
            next();
    }
}

module.exports = sessionCheck;