rckrdmrd/template-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
template-saas/apps/backend/dist/modules/rbac/guards/permissions.guard.js
rckrdmrd 26f0e52ca7 feat: Initial commit - template-saas 
Template base para proyectos SaaS multi-tenant.

Estructura inicial:
- apps/backend (NestJS API)
- apps/frontend (React/Vite)
- apps/database (PostgreSQL DDL)
- docs/ (Documentación)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-07 04:41:24 -06:00

99 lines
4.5 KiB
JavaScript
Raw Permalink Blame History

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AllPermissionsGuard = exports.PermissionsGuard = exports.RequireRoles = exports.RequirePermissions = exports.ROLES_KEY = exports.PERMISSIONS_KEY = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const rbac_service_1 = require("../services/rbac.service");
exports.PERMISSIONS_KEY = 'permissions';
exports.ROLES_KEY = 'roles';
const RequirePermissions = (...permissions) => (target, key, descriptor) => {
Reflect.defineMetadata(exports.PERMISSIONS_KEY, permissions, descriptor?.value || target);
return descriptor || target;
};
exports.RequirePermissions = RequirePermissions;
const RequireRoles = (...roles) => (target, key, descriptor) => {
Reflect.defineMetadata(exports.ROLES_KEY, roles, descriptor?.value || target);
return descriptor || target;
};
exports.RequireRoles = RequireRoles;
let PermissionsGuard = class PermissionsGuard {
constructor(reflector, rbacService) {
this.reflector = reflector;
this.rbacService = rbacService;
}
async canActivate(context) {
const requiredPermissions = this.reflector.getAllAndOverride(exports.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
const requiredRoles = this.reflector.getAllAndOverride(exports.ROLES_KEY, [
context.getHandler(),
context.getClass(),
]);
if (!requiredPermissions?.length && !requiredRoles?.length) {
return true;
}
const request = context.switchToHttp().getRequest();
const user = request.user;
if (!user) {
throw new common_1.ForbiddenException('Usuario no autenticado');
}
const { id: userId, tenant_id: tenantId } = user;
if (requiredRoles?.length) {
for (const role of requiredRoles) {
const hasRole = await this.rbacService.userHasRole(userId, tenantId, role);
if (hasRole) {
return true;
}
}
}
if (requiredPermissions?.length) {
const hasPermission = await this.rbacService.userHasAnyPermission(userId, tenantId, requiredPermissions);
if (hasPermission) {
return true;
}
}
throw new common_1.ForbiddenException('No tiene permisos suficientes para esta acción');
}
};
exports.PermissionsGuard = PermissionsGuard;
exports.PermissionsGuard = PermissionsGuard = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [core_1.Reflector,
rbac_service_1.RbacService])
], PermissionsGuard);
let AllPermissionsGuard = class AllPermissionsGuard {
constructor(reflector, rbacService) {
this.reflector = reflector;
this.rbacService = rbacService;
}
async canActivate(context) {
const requiredPermissions = this.reflector.getAllAndOverride(exports.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
if (!requiredPermissions?.length) {
return true;
}
const request = context.switchToHttp().getRequest();
const user = request.user;
if (!user) {
throw new common_1.ForbiddenException('Usuario no autenticado');
}
const hasAll = await this.rbacService.userHasAllPermissions(user.id, user.tenant_id, requiredPermissions);
if (!hasAll) {
throw new common_1.ForbiddenException('No tiene todos los permisos requeridos');
}
return true;
}
};
exports.AllPermissionsGuard = AllPermissionsGuard;
exports.AllPermissionsGuard = AllPermissionsGuard = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [core_1.Reflector,
rbac_service_1.RbacService])
], AllPermissionsGuard);
//# sourceMappingURL=permissions.guard.js.map
Reference in New Issue View Git Blame Copy Permalink