30 lines
798 B
TypeScript
30 lines
798 B
TypeScript
import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { Role } from '@prisma/client';
|
|
|
|
export const ROLES_KEY = 'roles';
|
|
|
|
@Injectable()
|
|
export class RolesGuard implements CanActivate {
|
|
constructor(private reflector: Reflector) {}
|
|
|
|
canActivate(context: ExecutionContext): boolean {
|
|
const requiredRoles = this.reflector.getAllAndOverride<Role[]>(ROLES_KEY, [
|
|
context.getHandler(),
|
|
context.getClass(),
|
|
]);
|
|
|
|
if (!requiredRoles) {
|
|
return true;
|
|
}
|
|
|
|
const { user } = context.switchToHttp().getRequest();
|
|
|
|
if (!user || !requiredRoles.includes(user.role)) {
|
|
throw new ForbiddenException('Acesso negado. Permissão insuficiente.');
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|