34 lines
1.1 KiB
TypeScript
34 lines
1.1 KiB
TypeScript
/**
|
|
* Author: David Valera Melendez
|
|
* Email: david@valera-melendez.de
|
|
* Created: March 2025
|
|
*/
|
|
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { Role } from '../constants/role.enum';
|
|
|
|
/**
|
|
* RolesGuard checks if the user has the required roles for a route.
|
|
* Supports enums, strings, and can be extended for role hierarchies.
|
|
*/
|
|
@Injectable()
|
|
export class RolesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const requiredRoles = this.reflector.getAllAndOverride<(Role | string)[]>('roles', [
|
|
context.getHandler(),
|
|
context.getClass(),
|
|
]);
|
|
if (!requiredRoles || requiredRoles.length === 0) {
|
|
return true;
|
|
}
|
|
const { user } = context.switchToHttp().getRequest();
|
|
if (!user || !user.roles) return false;
|
|
// Support for enums and strings, and future role hierarchies
|
|
return user.roles.some((userRole: string) =>
|
|
requiredRoles.includes(userRole as Role)
|
|
);
|
|
}
|
|
}
|