const mysql = require('mysql2/promise');

async function test() {
  const pool = mysql.createPool({ host: '127.0.0.1', user: 'root', password: 'secret_pass', database: 'fasto_db', port: 3306 });
  try {
    const [rows] = await pool.query('SELECT * FROM users WHERE id = ? OR slug = ?', ['u_71657ec7', 'u_71657ec7']);
    console.log("ROWS:", rows);
    // Simulate req.user
    const req = { user: { role: 'super_admin', tenant_id: 'system' } };
    
    if (req.user.role !== 'super_admin' && rows[0].tenant_id !== req.user.tenant_id) {
       console.log("Access Denied");
    } else {
       console.log("Access Granted");
    }

  } catch (err) {
    console.error("ERROR:", err);
  } finally {
    await pool.end();
  }
}
test();