class Guard {

  public static function auth() {
    if (!isset($_SESSION['user'])) {
        header('Location: /login.php'); exit;
    }
  }

  public static function role(array $roles) {
    if (!in_array($_SESSION['user']['role'], $roles)) {
        http_response_code(403); exit('Forbidden');
    }
  }

  public static function branch($branchId) {
    if ($_SESSION['user']['role'] !== 'SUPER_ADMIN'
        && $_SESSION['user']['branch_id'] != $branchId) {
        exit('Branch Isolation Violation');
    }
  }
}