jeffemmett
/
postiz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
postiz/apps/backend/src/services/auth/permissions/permissions.guard.ts

66 lines
1.8 KiB
TypeScript
Raw Blame History

import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import {
AppAbility,
PermissionsService,
} from '@gitroom/backend/services/auth/permissions/permissions.service';
import {
AbilityPolicy,
CHECK_POLICIES_KEY,
} from '@gitroom/backend/services/auth/permissions/permissions.ability';
import { Organization } from '@prisma/client';
import { SubscriptionException } from '@gitroom/backend/services/auth/permissions/subscription.exception';
import { Request } from 'express';
@Injectable()
export class PoliciesGuard implements CanActivate {
constructor(
private _reflector: Reflector,
private _authorizationService: PermissionsService
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request: Request = context.switchToHttp().getRequest();
if (
request.path.indexOf('/auth') > -1 ||
request.path.indexOf('/stripe') > -1
) {
return true;
}
const policyHandlers =
this._reflector.get<AbilityPolicy[]>(
CHECK_POLICIES_KEY,
context.getHandler()
) || [];
if (!policyHandlers || !policyHandlers.length) {
return true;
}
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-expect-error
const { org }: { org: Organization } = request;
// @ts-ignore
const ability = await this._authorizationService.check(org.id, org.createdAt, org.users[0].role, policyHandlers);
const item = policyHandlers.find(
(handler) => !this.execPolicyHandler(handler, ability)
);
if (item) {
throw new SubscriptionException({
section: item[1],
action: item[0],
});
}
return true;
}
private execPolicyHandler(handler: AbilityPolicy, ability: AppAbility) {
return ability.can(handler[0], handler[1]);
}
}
Reference in New Issue View Git Blame Copy Permalink