import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';

/**
 * Validates privileges.
 */
@Injectable()
export class PrivilegesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const privileges = this.reflector.get<string[]>(
      'privileges',
      context.getHandler(),
    );
    if (!privileges) {
      return true;
    }
    const request = context.switchToHttp().getRequest();
    const user = request.user;
    return (
      user.privileges.includes('*') ||
      privileges.every((item) =>
        user.privileges.find(({ name }) => name === item),
      )
    );
  }
}