@nestdevx/tenant/dist/shared/src/guards/host-admin.guard.js

Tenant module for multi-tenant NestJS applications.

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var HostAdminGuard_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.HostAdminGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const cqrs_1 = require("@nestjs/cqrs");
const get_user_detail_1 = require("../events/get-user-detail");
const constants_1 = require("../constants");
let HostAdminGuard = HostAdminGuard_1 = class HostAdminGuard {
    constructor(reflector, queryBus) {
        this.reflector = reflector;
        this.queryBus = queryBus;
    }
    async canActivate(context) {
        const requireHostAdmin = this.reflector.get(constants_1.IS_HOST_ADMIN_KEY, context.getHandler());
        common_1.Logger.debug(`HostAdminGuard activated, requireHostAdmin: ${requireHostAdmin}`, HostAdminGuard_1.name);
        if (!requireHostAdmin) {
            return true;
        }
        const request = context.switchToHttp().getRequest();
        if (request.tenant)
            throw new common_1.UnauthorizedException("Host-level access is required");
        const userRole = await this.queryBus.execute(new get_user_detail_1.GetUserDetail(request.user.sub));
        if (!userRole || !userRole.roles || userRole.roles.length === 0) {
            throw new common_1.ForbiddenException("You do not have the required permissions to access this resource.");
        }
        const isHostAdmin = userRole.roles.find(role => role.name === 'admin' && !role.tenantId);
        if (!isHostAdmin) {
            common_1.Logger.warn(`User does not have host admin role: ${JSON.stringify(userRole.roles)}`, HostAdminGuard_1.name);
            throw new common_1.ForbiddenException("You do not have the required permissions to access this resource.");
        }
        common_1.Logger.debug(`User is a host admin: ${JSON.stringify(userRole.roles)}`, HostAdminGuard_1.name);
        return true;
    }
};
exports.HostAdminGuard = HostAdminGuard;
exports.HostAdminGuard = HostAdminGuard = HostAdminGuard_1 = __decorate([
    (0, common_1.Injectable)(),
    __metadata("design:paramtypes", [core_1.Reflector,
        cqrs_1.QueryBus])
], HostAdminGuard);
//# sourceMappingURL=host-admin.guard.js.map