from fastapi import Request, HTTPException, status
from models.user_model import PlatformRole

def verify_super_admin(request: Request):
    """
    Dependency to verify if the authenticated user has the SUPER_ADMIN role.
    Assumes that AuthorizationMiddleware has already populated request.state.user.
    """
    user = getattr(request.state, "user", None)
    
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated"
        )
        
    if getattr(user, "platform_role", None) != PlatformRole.SUPER_ADMIN:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN, 
            detail="Only SUPER_ADMIN can access this resource"
        )
        
    return user