// Add after including db_connection.php
include 'role_check.php';

// Add after getting token
$headers = getallheaders();
$token = isset($headers['Authorization']) ? str_replace('Bearer ', '', $headers['Authorization']) : null;

if (!$token) {
    http_response_code(401);
    echo json_encode(array("error" => "Authorization token required."));
    exit;
}

// Check if requester is at least Admin
$roleCheck = checkUserRole($conn, $token, 'Admin');

if (!$roleCheck['success']) {
    http_response_code($roleCheck['code']);
    echo json_encode(array("error" => $roleCheck['message']));
    exit;
}

$authUser = $roleCheck['user'];

// In the validation section, add this check for each row:
// Check if Admin is trying to import Super Admin
if ($authUser['role'] === 'Admin' && $rowData['role'] === 'Super admin') {
    $errors[] = "Row $rowNumber: Admin cannot import Super Admin users";
    continue;
}