exguard-backend 1.0.14 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/scripts/setup-nestjs.cjs +31 -1
package/package.json
CHANGED
package/scripts/setup-nestjs.cjs
CHANGED
|
@@ -227,7 +227,37 @@ export class ExGuardRoleGuard extends ExGuardNestGuard {
|
|
|
227
227
|
export function createPermissionGuard(permissions: string[], requireAll = false) {
|
|
228
228
|
return class extends ExGuardNestGuard {
|
|
229
229
|
public async checkPermissions(context: GuardContext) {
|
|
230
|
-
|
|
230
|
+
// First authenticate the user
|
|
231
|
+
const authResult = await this.exGuard.authenticate(context);
|
|
232
|
+
|
|
233
|
+
if (!authResult.allowed) {
|
|
234
|
+
return authResult;
|
|
235
|
+
}
|
|
236
|
+
|
|
237
|
+
// Then check specific permissions
|
|
238
|
+
const userPermissions = authResult.user?.permissions || [];
|
|
239
|
+
|
|
240
|
+
if (requireAll) {
|
|
241
|
+
// User must have ALL permissions
|
|
242
|
+
const hasAllPermissions = permissions.every(perm => userPermissions.includes(perm));
|
|
243
|
+
if (!hasAllPermissions) {
|
|
244
|
+
return {
|
|
245
|
+
allowed: false,
|
|
246
|
+
error: 'Insufficient permissions. Required all of: ' + permissions.join(', ')
|
|
247
|
+
};
|
|
248
|
+
}
|
|
249
|
+
} else {
|
|
250
|
+
// User must have ANY permission
|
|
251
|
+
const hasAnyPermission = permissions.some(perm => userPermissions.includes(perm));
|
|
252
|
+
if (!hasAnyPermission) {
|
|
253
|
+
return {
|
|
254
|
+
allowed: false,
|
|
255
|
+
error: 'Insufficient permissions. Required any of: ' + permissions.join(', ')
|
|
256
|
+
};
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
return { allowed: true, user: authResult.user };
|
|
231
261
|
}
|
|
232
262
|
};
|
|
233
263
|
}
|