system now uses seperate pricing.

routes/admin.js

@@ -1,4 +1,4 @@
-import { authenticate, isAdmin } from "../middleware/auth.js";
+import { authenticate } from "../middleware/auth.js";
 import pricingService from "../services/pricing.js";
 import Item from "../models/Item.js";
 import MarketPrice from "../models/MarketPrice.js";
@@ -20,17 +20,13 @@ export default async function adminRoutes(fastify, options) {
       });
     }
 
-    // Check if user is admin (you can customize this check)
+    // Check if user has admin staff level (3 or higher)
-    // For now, checking if user has admin role or specific steamId
+    if (!request.user.staffLevel || request.user.staffLevel < 3) {
-    const adminSteamIds = process.env.ADMIN_STEAM_IDS?.split(",") || [];
-
-    if (
-      !request.user.isAdmin &&
-      !adminSteamIds.includes(request.user.steamId)
-    ) {
       return reply.status(403).send({
         success: false,
         message: "Admin access required",
+        requiredLevel: 3,
+        currentLevel: request.user.staffLevel || 0,
       });
     }
   };