
@sync-in/server


The secure, open-source platform for file storage, sharing, collaboration, and sync

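/*
 * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
 * This file is part of Sync-in | The open source file sync and share solution
 * See the LICENSE file for licensing details
 */
"use strict";
Object.defineProperty(exports, "__esModule", {
    value: true
});
Object.defineProperty(exports, "UserPermissionsGuard", {
    enumerable: true,
    get: function() {
        return UserPermissionsGuard;
    }
});
const _common = require("@nestjs/common");
const _core = require("@nestjs/core");
const _permissionsdecorator = require("../decorators/permissions.decorator");

// Compiler-emitted decorator helper, kept as generated: it uses Reflect.decorate when
// that function exists, otherwise it applies the decorators from last to first.
function _ts_decorate(decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
}

// Compiler-emitted helper: returns Reflect.metadata(k, v) when that function exists,
// otherwise returns undefined.
function _ts_metadata(k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
}

/**
 * Route guard that authorizes a request against the permissions declared with the
 * UserHavePermission decorator on the handler or its controller class.
 */
let UserPermissionsGuard = class UserPermissionsGuard {
    /**
     * Decide whether the current request may reach the handler.
     *
     * @param ctx execution context; the handler, the class and the HTTP request are read from it
     * @returns false when no permission metadata is declared or no user is attached to the
     *          request; true for the explicit `{}` bypass and for admins; otherwise the
     *          (truthy) result of the permission check
     * @throws HttpException with status FORBIDDEN when the user holds none of the required permissions
     */
    canActivate(ctx) {
        const permissions = this.reflector.getAllAndOverride(_permissionsdecorator.UserHavePermission, [
            ctx.getHandler(),
            ctx.getClass()
        ]);
        // Deny by default: a route with no permission metadata is refused, not opened.
        // null is handled here as well so that it is refused instead of reaching Object.keys() and throwing.
        if (permissions === undefined || permissions === null) {
            this.logger.warn(`no application defined on ${ctx.getClass().name}:${ctx.getHandler().name}`);
            return false;
        }
        // used to bypass the check, the guard is called without argument, the value is '{}'
        // Only an empty plain object counts as that bypass. Object.keys() is also empty for
        // [] and '', so those are sent through the normal permission check below and no
        // longer skip authorization.
        const isExplicitBypass = typeof permissions === 'object' && !Array.isArray(permissions) && Object.keys(permissions).length === 0;
        if (isExplicitBypass) {
            return true;
        }
        const req = ctx.switchToHttp().getRequest();
        const user = req && req.user;
        // Fail closed when no user is attached to the request; reading user.isAdmin
        // below would otherwise throw a TypeError instead of refusing the request.
        if (!user) {
            this.logger.warn(`no authenticated user on ${ctx.getClass().name}:${ctx.getHandler().name}`);
            return false;
        }
        // Admins are allowed without a per-permission check.
        if (user.isAdmin) {
            return true;
        }
        // if any of the apps are allowed, proceed
        const authorized = Array.isArray(permissions)
            ? permissions.some((p)=>user.havePermission(p))
            : user.havePermission(permissions);
        if (!authorized) {
            this.logger.warn(`does not have permissions : ${permissions}`);
            throw new _common.HttpException('You are not allowed to do this action', _common.HttpStatus.FORBIDDEN);
        }
        return authorized;
    }
    /**
     * @param reflector used to read the UserHavePermission metadata from handlers and classes
     */
    constructor(reflector){
        this.reflector = reflector;
        this.logger = new _common.Logger(UserPermissionsGuard.name);
    }
};
// Registers the class as an injectable provider and records the constructor parameter
// type (Reflector, or Object when that export is undefined) as design-time metadata.
UserPermissionsGuard = _ts_decorate([
    (0, _common.Injectable)(),
    _ts_metadata("design:type", Function),
    _ts_metadata("design:paramtypes", [
        typeof _core.Reflector === "undefined" ? Object : _core.Reflector
    ])
], UserPermissionsGuard);

//# sourceMappingURL=permissions.guard.js.map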