lib/shared/guards/roles.guard.ts
A guard for role-based access control.
Methods |
constructor(reflector: Reflector)
|
||||||
|
Defined in lib/shared/guards/roles.guard.ts:29
|
||||||
|
Parameters :
|
| canActivate | ||||||
canActivate(context: ExecutionContext)
|
||||||
|
Defined in lib/shared/guards/roles.guard.ts:32
|
||||||
|
Parameters :
Returns :
boolean
|
import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { UserUtils } from "../utils/user.utils";
import { AllowedForMetadataKey } from "../decorators/for-roles.decorator";
import { UserRole } from "../../common/user/user.types";
import { REQUEST_PROPS, Roles } from "../constants";
import hasSomeRole = UserUtils.hasSomeRole;
/**
* A guard for role-based access control.
*/
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private readonly reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const roles = this.reflector.get<string[]>(
AllowedForMetadataKey,
context.getHandler(),
);
if (!roles) {
return true;
}
const req = context.switchToHttp().getRequest();
const userRoles: UserRole[] = req[REQUEST_PROPS.currentUser]?.roles || [];
if (hasSomeRole(userRoles, Roles.ROOT)) {
return true;
}
for (const role of userRoles) {
if (roles.indexOf(role.code) !== -1) {
return true;
}
}
return false;
}
}