init commit

src/common/guards/roles.guard.ts

@@ -0,0 +1,33 @@
+/**
+ * Author: David Valera Melendez
+ * Email: david@valera-melendez.de
+ * Created: March 2025
+ */
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Role } from '../constants/role.enum';
+
+/**
+ * RolesGuard checks if the user has the required roles for a route.
+ * Supports enums, strings, and can be extended for role hierarchies.
+ */
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredRoles = this.reflector.getAllAndOverride<(Role | string)[]>('roles', [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (!requiredRoles || requiredRoles.length === 0) {
+      return true;
+    }
+    const { user } = context.switchToHttp().getRequest();
+    if (!user || !user.roles) return false;
+    // Support for enums and strings, and future role hierarchies
+    return user.roles.some((userRole: string) =>
+      requiredRoles.includes(userRole as Role)
+    );
+  }
+}