exguard-backend 1.0.13 → 1.0.15

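--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "exguard-backend",
- "version": "1.0.13",
+ "version": "1.0.15",
  "private": false,
  "publishConfig": {
  "access": "public"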
@@ -227,7 +227,37 @@ export class ExGuardRoleGuard extends ExGuardNestGuard {
227
227
  export function createPermissionGuard(permissions: string[], requireAll = false) {
228
228
  return class extends ExGuardNestGuard {
229
229
  public async checkPermissions(context: GuardContext) {
230
- return this.exGuard.requirePermissions(context, permissions, { requireAll });
230
+ // First authenticate the user
231
+ const authResult = await this.exGuard.authenticate(context);
232
+
233
+ if (!authResult.allowed) {
234
+ return authResult;
235
+ }
236
+
237
+ // Then check specific permissions
238
+ const userPermissions = authResult.user?.permissions || [];
239
+
240
+ if (requireAll) {
241
+ // User must have ALL permissions
242
+ const hasAllPermissions = permissions.every(perm => userPermissions.includes(perm));
243
+ if (!hasAllPermissions) {
244
+ return {
245
+ allowed: false,
246
+ error: 'Insufficient permissions. Required all of: ' + permissions.join(', ')
247
+ };
248
+ }
249
+ } else {
250
+ // User must have ANY permission
251
+ const hasAnyPermission = permissions.some(perm => userPermissions.includes(perm));
252
+ if (!hasAnyPermission) {
253
+ return {
254
+ allowed: false,
255
+ error: 'Insufficient permissions. Required any of: ' + permissions.join(', ')
256
+ };
257
+ }
258
+ }
259
+
260
+ return { allowed: true, user: authResult.user };
231
261
  }
232
262
  };
233
263
  }
@@ -370,9 +400,9 @@ import {
370
400
  } from '../exguard/exguard.guard';
371
401
 
372
402
  @Controller('events')
373
- @UseGuards(ExGuardPermissionGuard) // Requires 'read' permission
374
403
  export class EventsController {
375
404
  @Get()
405
+ @UseGuards(createPermissionGuard(['events:read']))
376
406
  async getEvents(@Request() req) {
377
407
  console.log('User accessing events:', req.user);
378
408
  console.log('User permissions:', req.user?.permissions);
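Review bot: In `createPermissionGuard` (new lines 240–242), an empty `permissions` array combined with `requireAll = true` passes the check, because `[].every(...)` is true; a guard built from an empty or mis-built list would then admit every authenticated user, while the `some` branch denies everyone for the same input. Reject the empty list before either branch, for example `if (permissions.length === 0) return { allowed: false, error: 'No permissions configured' };`. The check also now relies on `authResult.user?.permissions` being a flat string array; if `authenticate` returns another shape, `includes` never matches and every request is denied, so a comment stating the expected shape would help. In the `EventsController` hunk the class-level `@UseGuards` is removed and only `getEvents` is decorated; the class body continues outside the hunk, so any other handler there would be left without a guard unless it gets its own decorator.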