npm - @lenne.tech/nest-server - Versions diffs - 10.3.0 → 10.3.2 - Mend

@lenne.tech/nest-server 10.3.0 → 10.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/src/core/modules/file/core-file.resolver.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { Args, Mutation, Query, Resolver } from '@nestjs/graphql';
 import * as GraphQLUpload from 'graphql-upload/GraphQLUpload.js';
+import { Roles } from '../../common/decorators/roles.decorator';
+import { RoleEnum } from '../../common/enums/role.enum';
 import { CoreFileService } from './core-file.service';
 import { CoreFileInfo } from './core-file-info.model';
 import { FileUpload } from './interfaces/file-upload.interface';
@@ -8,6 +10,7 @@ import { FileUpload } from './interfaces/file-upload.interface';
 /**
  * File resolver
  */
+@Roles(RoleEnum.ADMIN)
 @Resolver()
 export class CoreFileResolver {
   /**
@@ -22,6 +25,7 @@ export class CoreFileResolver {
   /**
    * Get file info
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Query(() => CoreFileInfo, { nullable: true })
   async getFileInfo(@Args({ name: 'filename', type: () => String }) filename: string): Promise<any> {
     return await this.fileService.getFileInfoByName(filename);
@@ -34,6 +38,7 @@ export class CoreFileResolver {
   /**
    * Delete file
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => CoreFileInfo)
   async deleteFile(@Args({ name: 'filename', type: () => String }) filename: string): Promise<any> {
     return await this.fileService.deleteFileByName(filename);
@@ -42,6 +47,7 @@ export class CoreFileResolver {
   /**
    * Upload file
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => CoreFileInfo)
   async uploadFile(@Args({ name: 'file', type: () => GraphQLUpload }) file: FileUpload): Promise<any> {
     return await this.fileService.createFile(file);
@@ -50,6 +56,7 @@ export class CoreFileResolver {
   /**
    * Upload files
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => [CoreFileInfo])
   async uploadFiles(@Args({ name: 'files', type: () => [GraphQLUpload] }) files: FileUpload[]): Promise<any> {
     return await this.fileService.createFiles(files);

package/src/core/modules/health-check/core-health-check-result.model.ts CHANGED Viewed

@@ -1,11 +1,14 @@
 import { Field, ObjectType } from '@nestjs/graphql';
+import { Restricted } from '../../common/decorators/restricted.decorator';
+import { RoleEnum } from '../../common/enums/role.enum';
 import { CoreModel } from '../../common/models/core-model.model';
 import { JSON } from '../../common/scalars/json.scalar';
 /**
  * User model
  */
+@Restricted(RoleEnum.S_EVERYONE)
 @ObjectType({ description: 'Health check result' })
 export abstract class CoreHealthCheckResult extends CoreModel {
   // ===================================================================================================================
@@ -15,12 +18,14 @@ export abstract class CoreHealthCheckResult extends CoreModel {
   /**
    * The overall status of the Health Check
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'The overall status of the Health Check', nullable: false })
   status: 'error' | 'ok' | 'shutting_down' = undefined;
   /**
    * The info object contains information of each health indicator which is of status “up”
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(type => JSON, {
     description: 'The info object contains information of each health indicator which is of status “up”',
     nullable: true,
@@ -30,6 +35,7 @@ export abstract class CoreHealthCheckResult extends CoreModel {
   /**
    * The error object contains information of each health indicator which is of status “down”
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(type => JSON, {
     description: 'The error object contains information of each health indicator which is of status “down”',
     nullable: true,
@@ -39,6 +45,7 @@ export abstract class CoreHealthCheckResult extends CoreModel {
   /**
    * The details object contains information of every health indicator
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(type => JSON, {
     description: 'The details object contains information of every health indicator',
     nullable: false,

package/src/core/modules/health-check/core-health-check.controller.ts CHANGED Viewed

@@ -1,11 +1,14 @@
 import { Controller, Get } from '@nestjs/common';
+import { Roles } from '../../common/decorators/roles.decorator';
+import { RoleEnum } from '../../common/enums/role.enum';
 import { CoreHealthCheckService } from './core-health-check.service';
 /**
  * The HealthController class checks the health of various components including the database, memory, and disk.
  * Inspired by https://mobileappcircular.com/marketplace-backend-creating-a-health-check-endpoint-in-nestjs-app-using-terminus-25727e96c7d2
  */
+@Roles(RoleEnum.ADMIN)
 @Controller()
 export class CoreHealthCheckController {
   constructor(protected readonly healthCheckService: CoreHealthCheckService) {}
@@ -18,6 +21,7 @@ export class CoreHealthCheckController {
    * storage. The `healthCheck()` method will return a Promise that resolves with an array of objects
    * representing the results of each check
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Get('health-check')
   async healthCheck() {
     return this.healthCheckService.healthCheck();

package/src/core/modules/user/core-user.model.ts CHANGED Viewed

@@ -3,6 +3,8 @@ import { Schema as MongooseSchema, Prop, raw } from '@nestjs/mongoose';
 import { IsEmail, IsOptional } from 'class-validator';
 import { Document } from 'mongoose';
+import { Restricted } from '../../common/decorators/restricted.decorator';
+import { RoleEnum } from '../../common/enums/role.enum';
 import { CorePersistenceModel } from '../../common/models/core-persistence.model';
 import { CoreTokenData } from '../auth/interfaces/core-token-data.interface';
@@ -11,6 +13,7 @@ export type CoreUserModelDocument = CoreUserModel & Document;
 /**
  * User model
  */
+@Restricted(RoleEnum.S_EVERYONE)
 @ObjectType({ description: 'User', isAbstract: true })
 @MongooseSchema({ timestamps: true })
 export abstract class CoreUserModel extends CorePersistenceModel {
@@ -21,6 +24,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * E-Mail address of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Email of the user', nullable: true })
   @IsEmail()
   @Prop({ lowercase: true, trim: true, unique: true })
@@ -29,6 +33,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * First name of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'First name of the user', nullable: true })
   @IsOptional()
   @Prop()
@@ -37,6 +42,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Last name of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Last name of the user', nullable: true })
   @IsOptional()
   @Prop()
@@ -45,12 +51,14 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Password of the user
    */
+  @Restricted(RoleEnum.S_NO_ONE)
   @Prop()
   password: string = undefined;
   /**
    * Roles of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(type => [String], { description: 'Roles of the user', nullable: true })
   @IsOptional()
   @Prop([String])
@@ -59,6 +67,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Username of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Username of the user', nullable: true })
   @IsOptional()
   @Prop()
@@ -67,6 +76,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Password reset token of the user
    */
+  @Restricted(RoleEnum.S_NO_ONE)
   @IsOptional()
   @Prop()
   passwordResetToken: string = undefined;
@@ -76,6 +86,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
    * key: Token
    * value: TokenData
    */
+  @Restricted(RoleEnum.S_NO_ONE)
   @IsOptional()
   @Prop(raw({}))
   refreshTokens: Record<string, CoreTokenData> = undefined;
@@ -84,6 +95,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
    * Temporary token for parallel requests during the token refresh process
    * See sameTokenIdPeriod in configuration
    */
+  @Restricted(RoleEnum.S_NO_ONE)
   @IsOptional()
   @Prop(raw({}))
   tempTokens: Record<string, { createdAt: number; deviceId: string; tokenId: string }> = undefined;
@@ -91,6 +103,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Verification token of the user
    */
+  @Restricted(RoleEnum.S_NO_ONE)
   @IsOptional()
   @Prop()
   verificationToken: string = undefined;
@@ -98,6 +111,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Verification of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(type => Boolean, { description: 'Verification state of the user', nullable: true })
   @Prop({ type: Boolean })
   verified: boolean = undefined;
@@ -105,6 +119,7 @@ export abstract class CoreUserModel extends CorePersistenceModel {
   /**
    * Verification date
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Verified date', nullable: true })
   @Prop()
   verifiedAt: Date = undefined;

package/src/core/modules/user/inputs/core-user-create.input.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { Field, InputType } from '@nestjs/graphql';
 import { IsEmail } from 'class-validator';
+import { Restricted } from '../../../common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../common/enums/role.enum';
 import { CoreUserInput } from './core-user.input';
 /**
@@ -10,8 +12,10 @@ import { CoreUserInput } from './core-user.input';
  * otherwise the property will not be recognized via Object.keys (this is necessary for mapping) or will be initialized
  * with a default value that may overwrite an existing value in the DB.
  */
+@Restricted(RoleEnum.S_EVERYONE)
 @InputType({ description: 'User input to create a new user', isAbstract: true })
 export abstract class CoreUserCreateInput extends CoreUserInput {
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Email of the user', nullable: false })
   @IsEmail()
   override email: string = undefined;

package/src/core/modules/user/inputs/core-user.input.ts CHANGED Viewed

@@ -13,11 +13,13 @@ import { CoreInput } from '../../../common/inputs/core-input.input';
  * otherwise the property will not be recognized via Object.keys (this is necessary for mapping) or will be initialized
  * with a default value that may overwrite an existing value in the DB.
  */
+@Restricted(RoleEnum.S_EVERYONE)
 @InputType({ description: 'User input', isAbstract: true })
 export abstract class CoreUserInput extends CoreInput {
   /**
    * Email of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Email of the user', nullable: true })
   @IsOptional()
   @IsEmail()
@@ -26,6 +28,7 @@ export abstract class CoreUserInput extends CoreInput {
   /**
    * First name of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'First name of the user', nullable: true })
   @IsOptional()
   firstName?: string = undefined;
@@ -33,6 +36,7 @@ export abstract class CoreUserInput extends CoreInput {
   /**
    * Last name of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Last name of the user', nullable: true })
   @IsOptional()
   lastName?: string = undefined;
@@ -48,6 +52,7 @@ export abstract class CoreUserInput extends CoreInput {
   /**
    * Username / alias of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Username / alias of the user', nullable: true })
   @IsOptional()
   username?: string = undefined;
@@ -55,6 +60,7 @@ export abstract class CoreUserInput extends CoreInput {
   /**
    * Password of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Password of the user', nullable: true })
   @IsOptional()
   password?: string = undefined;

package/src/server/common/models/persistence.model.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import { Field, ObjectType } from '@nestjs/graphql';
 import { Prop } from '@nestjs/mongoose';
 import { Types } from 'mongoose';
+import { Restricted } from '../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { CorePersistenceModel } from '../../../core/common/models/core-persistence.model';
 import { User } from '../../modules/user/user.model';
@@ -12,6 +14,7 @@ import mongoose = require('mongoose');
  *
  * The models are a combination of MikroORM Entities and TypeGraphQL Types
  */
+@Restricted(RoleEnum.ADMIN)
 @ObjectType({
   description: 'Persistence model which will be saved in DB',
   isAbstract: true,
@@ -26,6 +29,7 @@ export abstract class PersistenceModel extends CorePersistenceModel {
    *
    * Not set when created by system
    */
+  @Restricted(RoleEnum.ADMIN)
   @Field(() => User, {
     description: 'ID of the user who created the object',
     nullable: true,
@@ -38,6 +42,7 @@ export abstract class PersistenceModel extends CorePersistenceModel {
    *
    * Not set when updated by system
    */
+  @Restricted(RoleEnum.ADMIN)
   @Field(() => User, {
     description: 'ID of the user who updated the object',
     nullable: true,

package/src/server/modules/auth/auth.controller.ts CHANGED Viewed

@@ -1,9 +1,12 @@
 import { Controller } from '@nestjs/common';
+import { Roles } from '../../../core/common/decorators/roles.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { ConfigService } from '../../../core/common/services/config.service';
 import { CoreAuthController } from '../../../core/modules/auth/core-auth.controller';
 import { AuthService } from './auth.service';
+@Roles(RoleEnum.ADMIN)
 @Controller('auth')
 export class AuthController extends CoreAuthController {
   /**

package/src/server/modules/auth/auth.model.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 import { Field, ObjectType } from '@nestjs/graphql';
+import { Restricted } from '../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { mapClasses } from '../../../core/common/helpers/model.helper';
 import { CoreAuthModel } from '../../../core/modules/auth/core-auth.model';
 import { User } from '../user/user.model';
@@ -7,6 +9,7 @@ import { User } from '../user/user.model';
 /**
  * Authentication data
  */
+@Restricted(RoleEnum.ADMIN)
 @ObjectType({ description: 'Authentication data' })
 export class Auth extends CoreAuthModel {
   // ===================================================================================================================
@@ -16,6 +19,7 @@ export class Auth extends CoreAuthModel {
   /**
    * Signed-in user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(() => User, { description: 'User who signed in' })
   override user: User = undefined;

package/src/server/modules/auth/auth.resolver.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import { Args, Context, Mutation, Resolver } from '@nestjs/graphql';
 import { Response as ResponseType } from 'express';
 import { GraphQLServiceOptions } from '../../../core/common/decorators/graphql-service-options.decorator';
+import { Roles } from '../../../core/common/decorators/roles.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { ServiceOptions } from '../../../core/common/interfaces/service-options.interface';
 import { ConfigService } from '../../../core/common/services/config.service';
 import { CoreAuthResolver } from '../../../core/modules/auth/core-auth.resolver';
@@ -13,6 +15,7 @@ import { AuthSignUpInput } from './inputs/auth-sign-up.input';
 /**
  * Authentication resolver for the sign in
  */
+@Roles(RoleEnum.ADMIN)
 @Resolver(() => Auth)
 export class AuthResolver extends CoreAuthResolver {
   /**
@@ -28,6 +31,7 @@ export class AuthResolver extends CoreAuthResolver {
   /**
    * SignIn for User
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => Auth, { description: 'Sign in and get JWT token' })
   override async signIn(
     @GraphQLServiceOptions({ gqlPath: 'signIn.user' }) serviceOptions: ServiceOptions,
@@ -44,6 +48,7 @@ export class AuthResolver extends CoreAuthResolver {
   /**
    * Sign up for user
    */
+  @Roles(RoleEnum.S_EVERYONE)
   @Mutation(() => Auth, {
     description: 'Sign up user and get JWT token',
   })

package/src/server/modules/auth/inputs/auth-sign-in.input.ts CHANGED Viewed

@@ -1,10 +1,13 @@
 import { InputType } from '@nestjs/graphql';
+import { Restricted } from '../../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../../core/common/enums/role.enum';
 import { CoreAuthSignInInput } from '../../../../core/modules/auth/inputs/core-auth-sign-in.input';
 /**
  * SignIn input
  */
+@Restricted(RoleEnum.ADMIN)
 @InputType({ description: 'Sign-in input' })
 export class AuthSignInInput extends CoreAuthSignInInput {
   // Extend UserInput here

package/src/server/modules/auth/inputs/auth-sign-up.input.ts CHANGED Viewed

@@ -1,19 +1,24 @@
 import { Field, InputType } from '@nestjs/graphql';
+import { Restricted } from '../../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../../core/common/enums/role.enum';
 import { CoreAuthSignUpInput } from '../../../../core/modules/auth/inputs/core-auth-sign-up.input';
 /**
  * SignUp input
  */
+@Restricted(RoleEnum.ADMIN)
 @InputType({ description: 'Sign-up input' })
 export class AuthSignUpInput extends CoreAuthSignUpInput {
   // ===================================================================================================================
   // Properties
   // ===================================================================================================================
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'firstName', nullable: true })
   firstName: string = undefined;
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'lastName', nullable: true })
   lastName: string = undefined;
 }

package/src/server/modules/file/file-info.model.ts CHANGED Viewed

@@ -1,11 +1,14 @@
 import { ObjectType } from '@nestjs/graphql';
 import { Schema as MongooseSchema, SchemaFactory } from '@nestjs/mongoose';
+import { Restricted } from '../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { CoreFileInfo } from '../../../core/modules/file/core-file-info.model';
 /**
  * File info model
  */
+@Restricted(RoleEnum.ADMIN)
 @ObjectType({ description: 'Information about file' })
 @MongooseSchema({ collection: 'fs.files' })
 export class FileInfo extends CoreFileInfo {}

package/src/server/modules/file/file.controller.ts CHANGED Viewed

@@ -30,6 +30,7 @@ export class FileController {
   /**
    * Upload file
    */
+  @Roles(RoleEnum.ADMIN)
   @Post('upload')
   @UseInterceptors(FileInterceptor('file'))
   uploadFile(@UploadedFile() file: Express.Multer.File): any {
@@ -39,6 +40,7 @@ export class FileController {
   /**
    * Download file
    */
+  @Roles(RoleEnum.ADMIN)
   @Get(':id')
   async getFile(@Param('id') id: string, @Res() res) {
     if (!id) {
@@ -65,6 +67,7 @@ export class FileController {
   /**
    * Get file information
    */
+  @Roles(RoleEnum.ADMIN)
   @Get('info/:id')
   async getFileInfo(@Param('id') id: string) {
     return await this.fileService.getFileInfo(id);
@@ -73,6 +76,7 @@ export class FileController {
   /**
    * Delete file
    */
+  @Roles(RoleEnum.ADMIN)
   @Delete(':id')
   async deleteFile(@Param('id') id: string) {
     if (!id) {

package/src/server/modules/user/avatar.controller.ts CHANGED Viewed

@@ -13,6 +13,7 @@ import { UserService } from './user.service';
 /**
  * Controller for avatar
  */
+@Roles(RoleEnum.ADMIN)
 @Controller('avatar')
 export class AvatarController {
   /**

package/src/server/modules/user/inputs/user-create.input.ts CHANGED Viewed

@@ -1,10 +1,13 @@
 import { InputType } from '@nestjs/graphql';
+import { Restricted } from '../../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../../core/common/enums/role.enum';
 import { CoreUserCreateInput } from '../../../../core/modules/user/inputs/core-user-create.input';
 /**
  * User input to create a new user
  */
+@Restricted(RoleEnum.ADMIN)
 @InputType({ description: 'User input to create a new user' })
 export class UserCreateInput extends CoreUserCreateInput {
   // Extend UserCreateInput here

package/src/server/modules/user/inputs/user.input.ts CHANGED Viewed

@@ -1,10 +1,13 @@
 import { InputType } from '@nestjs/graphql';
+import { Restricted } from '../../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../../core/common/enums/role.enum';
 import { CoreUserInput } from '../../../../core/modules/user/inputs/core-user.input';
 /**
  * User input to update a user
  */
+@Restricted(RoleEnum.ADMIN)
 @InputType({ description: 'User input' })
 export class UserInput extends CoreUserInput {
   // Extend UserInput here

package/src/server/modules/user/outputs/find-and-count-users-result.output.ts CHANGED Viewed

@@ -1,12 +1,17 @@
 import { Field, ObjectType } from '@nestjs/graphql';
+import { Restricted } from '../../../../core/common/decorators/restricted.decorator';
+import { RoleEnum } from '../../../../core/common/enums/role.enum';
 import { User } from '../user.model';
+@Restricted(RoleEnum.ADMIN)
 @ObjectType({ description: 'Result of find and count' })
 export class FindAndCountUsersResult {
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(() => [User], { description: 'Found users' })
   items: User[];
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'Total count (skip/offset and limit/take are ignored in the count)' })
   totalCount: number;
 }

package/src/server/modules/user/user.model.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { Schema as MongooseSchema, Prop, SchemaFactory } from '@nestjs/mongoose';
+import { IsOptional } from 'class-validator';
 import { Document, Schema } from 'mongoose';
+import { Restricted } from '../../../core/common/decorators/restricted.decorator';
 import { RoleEnum } from '../../../core/common/enums/role.enum';
 import { CoreUserModel } from '../../../core/modules/user/core-user.model';
 import { PersistenceModel } from '../../common/models/persistence.model';
@@ -11,6 +13,7 @@ export type UserDocument = Document & User;
 /**
  * User model
  */
+@Restricted(RoleEnum.ADMIN)
 @ObjectType({ description: 'User' })
 @MongooseSchema({ timestamps: true })
 export class User extends CoreUserModel implements PersistenceModel {
@@ -21,6 +24,7 @@ export class User extends CoreUserModel implements PersistenceModel {
   /**
    * URL to avatar file of the user
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field({ description: 'URL to avatar file of the user', nullable: true })
   @Prop()
   avatar: string = undefined;
@@ -30,6 +34,7 @@ export class User extends CoreUserModel implements PersistenceModel {
    *
    * Not set when created by system
    */
+  @Restricted(RoleEnum.S_EVERYONE)
   @Field(() => String, {
     description: 'ID of the user who created the object',
     nullable: true,
@@ -37,11 +42,21 @@ export class User extends CoreUserModel implements PersistenceModel {
   @Prop({ ref: 'User', type: Schema.Types.ObjectId })
   createdBy: string = undefined;
+  /**
+   * Roles of the user
+   */
+  @Restricted(RoleEnum.S_EVERYONE)
+  @Field(type => [String], { description: 'Roles of the user', nullable: true })
+  @IsOptional()
+  @Prop([String])
+  override roles: string[] = undefined;
   /**
    * ID of the user who updated the object
    *
    * Not set when updated by system
    */
+  @Restricted(RoleEnum.S_USER)
   @Field(() => String, {
     description: 'ID of the user who last updated the object',
     nullable: true,

package/src/server/server.controller.ts CHANGED Viewed

@@ -2,10 +2,12 @@ import { Controller, Get, Render } from '@nestjs/common';
 import { ConfigService, RoleEnum, Roles } from '..';
+@Roles(RoleEnum.ADMIN)
 @Controller()
 export class ServerController {
   constructor(protected configService: ConfigService) {}
+  @Roles(RoleEnum.S_EVERYONE)
   @Get()
   @Render('index')
   root() {