import {
CanActivate,
ExecutionContext,
ForbiddenException,
Injectable,
} from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Role } from '../generated/prisma/enums.js';
import { ROLES_KEY } from './roles.decorator.js';
/**
 * Authorization guard that compares the role found on `request.actor` with
 * the role list stored under `ROLES_KEY` on the current route.
 *
 * Security-relevant behaviour, as implemented here:
 * - A route with no role metadata, or with an empty role list, is allowed
 *   through. This guard is therefore not a default-deny control; any
 *   authentication requirement has to be enforced elsewhere.
 * - Metadata is resolved with `getAllAndOverride` over `[handler, class]`, so
 *   a value set on the handler replaces the controller-level value rather
 *   than being merged with it. An empty list on a handler would consequently
 *   lift a controller-level restriction for that handler.
 * - The role is read from `request.actor` and trusted as-is.
 *   NOTE(review): presumably an authentication guard or middleware that runs
 *   earlier populates `actor` from verified credentials; confirm that
 *   ordering where this guard is registered.
 */
@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private readonly reflector: Reflector) {}

  /**
   * Decides whether the current HTTP request may reach the handler.
   *
   * @param context Execution context of the request being routed.
   * @returns `true` when the route declares no roles, or when the actor's
   *   role is one of the declared roles.
   * @throws ForbiddenException when roles are declared and the request has no
   *   actor role or the role is not in the declared list.
   */
  canActivate(context: ExecutionContext): boolean {
    // Handler is listed first, so its metadata wins over the class metadata.
    const targets = [context.getHandler(), context.getClass()];
    const allowed = this.reflector.getAllAndOverride<Role[]>(
      ROLES_KEY,
      targets,
    );

    // No metadata and an empty list are treated the same way: unrestricted.
    if (!allowed?.length) {
      return true;
    }

    const http = context.switchToHttp();
    const role = http.getRequest<{ actor?: { role?: Role } }>().actor?.role;

    // A missing actor or missing role is rejected the same way as a role
    // that is not on the list.
    if (role && allowed.includes(role)) {
      return true;
    }

    throw new ForbiddenException('Role is not allowed for this endpoint');
  }
}