Adiciona primeira parte de adicao de roles

2025-09-13 16:02:52 -03:00
parent 7139633915
commit 7b7a666902
7 changed files with 60 additions and 13 deletions
--- a/src/auth/roles.guard.ts
+++ b/src/auth/roles.guard.ts
@@ -0,0 +1,42 @@
+import {
+  Injectable,
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ROLES_KEY } from './decorator/roles.decorator';
+
+import type { JwtPayload } from './keycloak.strategy';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>(
+      ROLES_KEY,
+      [context.getHandler(), context.getClass()],
+    );
+    if (!requiredRoles || requiredRoles.length === 0) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<{ user: JwtPayload }>();
+    const user = request.user;
+
+    const userRoles: string[] = [
+      ...(user?.resource_access?.clipperia?.roles || []),
+    ];
+
+    console.log(context);
+    const hasRole = requiredRoles.some((role) => userRoles.includes(role));
+    if (!hasRole) {
+      throw new ForbiddenException(
+        'O usuário não possui permissão para acessar esta rota',
+      );
+    }
+
+    return true;
+  }
+}