Home Explore Help
Sign In
cturan
/
vendure
mirror of https://github.com/vendure-ecommerce/vendure
1
0
Fork 0
Files Issues 0 Wiki
Tree: dfa24add8a
Branches Tags
vendure
/
server
/
src
/
api
/
common
/
roles-guard.ts

roles-guard.ts 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. import { ExecutionContext, Injectable, ReflectMetadata } from '@nestjs/common';
    2. 

  2. import { Reflector } from '@nestjs/core';
    3. 

  3. import { ExtractJwt, Strategy } from 'passport-jwt';
    4. 

  4. import { Permission } from 'shared/generated-types';
    5. 

  5. 

  6. import { idsAreEqual } from '../../common/utils';
    7. 

  7. import { ConfigService } from '../../config/config.service';
    8. 

  8. import { User } from '../../entity/user/user.entity';
    9. 

  9. 

  10. import { RequestContextService } from './request-context.service';
    11. 

  11. 

  12. export const PERMISSIONS_METADATA_KEY = '__permissions__';
    13. 

  13. 

  14. /**
    15. 

  15.  * Attatches metadata to the resolver defining which permissions are required to execute the
    16. 

  16.  * operation.
    17. 

  17.  *
    18. 

  18.  * @example
    19. 

  19.  * ```
    20. 

  20.  *  @Allow(Permission.SuperAdmin)
    21. 

  21.  *  @Query()
    22. 

  22.  *  getAdministrators() {
    23. 

  23.  *      // ...
    24. 

  24.  *  }
    25. 

  25.  * ```
    26. 

  26.  */
    27. 

  27. export const Allow = (...permissions: Permission[]) => ReflectMetadata(PERMISSIONS_METADATA_KEY, permissions);
    28. 

  28. 

  29. @Injectable()
    30. 

  30. export class RolesGuard {
    31. 

  31.     constructor(
    32. 

  32.         private readonly reflector: Reflector,
    33. 

  33.         private requestContextService: RequestContextService,
    34. 

  34.         private configService: ConfigService,
    35. 

  35.     ) {}
    36. 

  36. 

  37.     canActivate(context: ExecutionContext): boolean {
    38. 

  38.         const permissions = this.reflector.get<string[]>(PERMISSIONS_METADATA_KEY, context.getHandler());
    39. 

  39.         if (this.configService.disableAuth || !permissions) {
    40. 

  40.             return true;
    41. 

  41.         }
    42. 

  42.         const req = context.getArgByIndex(2).req;
    43. 

  43.         const ctx = this.requestContextService.fromRequest(req);
    44. 

  44.         const user: User = req.user;
    45. 

  45.         if (!user) {
    46. 

  46.             return false;
    47. 

  47.         }
    48. 

  48.         const permissionsOnChannel = user.roles
    49. 

  49.             .filter(role => role.channels.find(c => idsAreEqual(c.id, ctx.channel.id)))
    50. 

  50.             .reduce((output, role) => [...output, ...role.permissions], [] as Permission[]);
    51. 

  51.         return arraysIntersect(permissions, permissionsOnChannel);
    52. 

  52.     }
    53. 

  53. }
    54. 

  54. 

  55. /**
    56. 

  56.  * Returns true if any element of arr1 appears in arr2.
    57. 

  57.  */
    58. 

  58. function arraysIntersect<T>(arr1: T[], arr2: T[]): boolean {
    59. 

  59.     return arr1.reduce((intersects, role) => {
    60. 

  60.         return intersects || arr2.includes(role);
    61. 

  61.     }, false);
    62. 

  62. }
    63.