QT/bigcapital
0
0
Fork 0
Code Issues Pull Requests 1 Actions 6 Packages Projects Releases Wiki Activity
Files
ef22b9ddaf61078f9a0e4655358099dada81f33f
bigcapital/packages/server-nest/src/modules/Roles/Authorization.guard.ts
Ahmed Bouhuolia ef22b9ddaf refactor: subscriptions to nestjs
2025-03-24 23:38:43 +02:00

57 lines
1.7 KiB
TypeScript
Raw Blame History

import {
Injectable,
CanActivate,
ExecutionContext,
Inject,
} from '@nestjs/common';
import { Request } from 'express';
import { Reflector } from '@nestjs/core';
import { ClsService } from 'nestjs-cls';
import { ABILITIES_CACHE, getAbilityForRole } from './TenantAbilities';
import { TenantModelProxy } from '../System/models/TenantBaseModel';
import { TenantUser } from '../Tenancy/TenancyModels/models/TenantUser.model';
/**
* Authorization guard for checking user abilities
*/
@Injectable()
export class AuthorizationGuard implements CanActivate {
constructor(
private reflector: Reflector,
private readonly clsService: ClsService,
@Inject(TenantUser.name)
private readonly tenantUserModel: TenantModelProxy<typeof TenantUser>,
) {}
/**
* Checks if the user has the required abilities to access the route
* @param context - The execution context
* @returns A boolean indicating if the user can access the route
*/
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const { tenantId, user } = request as any;
if (ABILITIES_CACHE.has(user.id)) {
(request as any).ability = ABILITIES_CACHE.get(user.id);
} else {
const ability = await this.getAbilityForUser();
(request as any).ability = ability;
ABILITIES_CACHE.set(user.id, ability);
}
return true;
}
async getAbilityForUser() {
const userId = this.clsService.get('userId');
const tenantUser = await this.tenantUserModel()
.query()
.findOne('systemUserId', userId)
.withGraphFetched('role.permissions');
return getAbilityForRole(tenantUser.role);
}
}
Reference in New Issue View Git Blame Copy Permalink