40 lines
1.1 KiB
TypeScript
40 lines
1.1 KiB
TypeScript
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
|
|
/**
|
|
* Validates privileges.
|
|
*/
|
|
@Injectable()
|
|
export class PrivilegesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const privileges = this.reflector.get<(string | string[])[]>(
|
|
'privileges',
|
|
context.getHandler(),
|
|
);
|
|
if (!privileges) {
|
|
return true;
|
|
}
|
|
const request = context.switchToHttp().getRequest();
|
|
const user = request.user;
|
|
|
|
const withOrLogic = privileges.some((entry) => Array.isArray(entry));
|
|
if (withOrLogic) {
|
|
return privileges.some((entry) => {
|
|
if (Array.isArray(entry)) {
|
|
return entry.every((item) =>
|
|
user.privileges.find(({ name }) => name === item),
|
|
);
|
|
} else {
|
|
return user.privileges.find(({ name }) => name === entry);
|
|
}
|
|
});
|
|
}
|
|
|
|
return privileges.every((item) =>
|
|
user.privileges.find(({ name }) => name === item),
|
|
);
|
|
}
|
|
}
|