plac-micro-common 1.2.1 → 1.2.2
|
@@ -33,6 +33,8 @@ let JwtAuthGuard = class JwtAuthGuard {
|
|
|
33
33
|
req.current_user = authPayload.user;
|
|
34
34
|
req.current_app = authPayload.app;
|
|
35
35
|
req.current_app_client = authPayload.app_client;
|
|
36
|
+
req.current_roles = authPayload.roles ?? [];
|
|
37
|
+
req.current_permissions = authPayload.permissions ?? [];
|
|
36
38
|
return true;
|
|
37
39
|
}
|
|
38
40
|
};
|
|
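Review bot: `authPayload.roles ?? []` and `authPayload.permissions ?? []` substitute the empty array only for null or undefined, so a payload that carries either claim as a string or an object is attached to the request unchanged. The PermissionsGuard hunk in this release re-checks with `Array.isArray`, but any other consumer of `req.current_roles` that calls `.includes()` on a string value would get substring matching instead of membership. Normalising where the value is assigned gives every consumer the same guarantee: `req.current_roles = Array.isArray(authPayload.roles) ? authPayload.roles : [];`, and likewise for `current_permissions`. How `authPayload` is obtained and verified is above the hunk, so whether claim types are already validated upstream cannot be confirmed from here.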
@@ -23,17 +23,19 @@ let PermissionsGuard = class PermissionsGuard {
|
|
|
23
23
|
if (!required || required.length === 0)
|
|
24
24
|
return true;
|
|
25
25
|
const req = context.switchToHttp().getRequest();
|
|
26
|
-
//
|
|
27
|
-
const
|
|
28
|
-
|
|
29
|
-
throw new common_1.UnauthorizedException("Missing auth user");
|
|
30
|
-
const userPerms = Array.isArray(user.permissions)
|
|
31
|
-
? user.permissions
|
|
26
|
+
// ✅ Your convention: permissions live on req.current_permissions
|
|
27
|
+
const perms = Array.isArray(req?.current_permissions)
|
|
28
|
+
? req.current_permissions
|
|
32
29
|
: [];
|
|
30
|
+
if (!perms.length) {
|
|
31
|
+
// If JWT guard didn't run, or token had no permissions
|
|
32
|
+
throw new common_1.UnauthorizedException("Missing permissions in request");
|
|
33
|
+
}
|
|
33
34
|
// require ALL permissions by default
|
|
34
|
-
const hasAll = required.every((p) =>
|
|
35
|
-
if (!hasAll)
|
|
35
|
+
const hasAll = required.every((p) => perms.includes(p));
|
|
36
|
+
if (!hasAll) {
|
|
36
37
|
throw new common_1.ForbiddenException("Insufficient permissions");
|
|
38
|
+
}
|
|
37
39
|
return true;
|
|
38
40
|
}
|
|
39
41
|
};
|
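Review bot: The new `if (!perms.length)` branch answers 401 both when no authentication guard populated the request and when an authenticated caller simply holds no permissions; the second case is an authorization failure and belongs with the 403 below it. The removed lines are truncated on this page but appear to have checked for an authenticated user, which the new code no longer does. Consider keeping an identity check, `if (!req?.current_user) throw new common_1.UnauthorizedException("Missing auth user");`, and dropping the empty-array 401, since `required.every((p) => perms.includes(p))` already leads to `ForbiddenException` when `perms` is empty. The guard fails closed either way, so this is about giving clients and 401-versus-403 alerting an accurate signal. The method signature and the lookup of `required` are above the hunk.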