You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 lines
1000 B
26 lines
1000 B
import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common'; |
|
import { Reflector } from '@nestjs/core'; |
|
import { Role } from '@reception/db'; |
|
import { ROLES_KEY } from '../decorators/roles.decorator'; |
|
import type { AuthUser } from '../decorators/current-user.decorator'; |
|
|
|
@Injectable() |
|
export class RolesGuard implements CanActivate { |
|
constructor(private readonly reflector: Reflector) {} |
|
|
|
canActivate(context: ExecutionContext): boolean { |
|
const required = this.reflector.getAllAndOverride<Role[] | undefined>(ROLES_KEY, [ |
|
context.getHandler(), |
|
context.getClass(), |
|
]); |
|
if (!required || required.length === 0) return true; |
|
|
|
const req = context.switchToHttp().getRequest(); |
|
const user: AuthUser | undefined = req.user; |
|
if (!user) throw new ForbiddenException('No user context'); |
|
if (!required.includes(user.role)) { |
|
throw new ForbiddenException(`Required role: ${required.join(' or ')}`); |
|
} |
|
return true; |
|
} |
|
}
|
|
|