import { ApiError } from '@client/lib/apiError';

/**
 * Returns true when an error or HTTP response indicates the current user lacks
 * permission (403 Forbidden) to access a given section.
 *
 * Works with:
 *  - `ApiError` (from `@client/lib/apiError`) whose `.status === 403`
 *  - Plain `Error` thrown by local `apiFetch` wrappers that embed the backend
 *    `ForbiddenError` message string (e.g. "You do not have read access to …")
 */
export function isForbiddenError(err: unknown): boolean {
  if (err instanceof ApiError) return err.status === 403;
  const msg = (err instanceof Error ? err.message : String(err ?? '')).toLowerCase();
  return (
    (msg.includes('do not have') && msg.includes('access')) ||
    msg.includes('forbidden') ||
    msg.startsWith('http 403') ||
    msg === 'request failed: 403'
  );
}