feat: protecting endpoint by roles

2025-11-26 08:34:55 +00:00 · 2024-12-10 10:11:47 +03:00
parent 577f91b796
commit 66e1bb0f28
7 changed files with 53 additions and 10 deletions
--- a/src/junior/controllers/junior.controller.ts
+++ b/src/junior/controllers/junior.controller.ts
@ -1,8 +1,9 @@
 import { Body, Controller, Get, Param, Post, Query, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
+import { Roles } from '~/auth/enums';
 import { IJwtPayload } from '~/auth/interfaces';
-import { AuthenticatedUser } from '~/common/decorators';
-import { AccessTokenGuard } from '~/common/guards';
+import { AllowedRoles, AuthenticatedUser } from '~/common/decorators';
+import { RolesGuard } from '~/common/guards';
 import { ApiDataPageResponse, ApiDataResponse } from '~/core/decorators';
 import { PageOptionsRequestDto } from '~/core/dtos';
 import { CustomParseUUIDPipe } from '~/core/pipes';
@ -18,7 +19,8 @@ export class JuniorController {
  constructor(private readonly juniorService: JuniorService) {}

  @Post()
-  @UseGuards(AccessTokenGuard)
+  @UseGuards(RolesGuard)
+  @AllowedRoles(Roles.GUARDIAN)
  @ApiDataResponse(JuniorResponseDto)
  async createJunior(@Body() body: CreateJuniorRequestDto, @AuthenticatedUser() user: IJwtPayload) {
    const junior = await this.juniorService.createJuniors(body, user.sub);
@ -27,7 +29,8 @@ export class JuniorController {
  }

  @Get()
-  @UseGuards(AccessTokenGuard)
+  @UseGuards(RolesGuard)
+  @AllowedRoles(Roles.GUARDIAN)
  @ApiDataPageResponse(JuniorResponseDto)
  async findJuniors(@AuthenticatedUser() user: IJwtPayload, @Query() pageOptions: PageOptionsRequestDto) {
    const [juniors, count] = await this.juniorService.findJuniorsByGuardianId(user.sub, pageOptions);
@ -43,7 +46,8 @@ export class JuniorController {
  }

  @Get(':juniorId')
-  @UseGuards(AccessTokenGuard)
+  @UseGuards(RolesGuard)
+  @AllowedRoles(Roles.GUARDIAN)
  @ApiDataResponse(JuniorResponseDto)
  async findJuniorById(
    @AuthenticatedUser() user: IJwtPayload,
@ -55,7 +59,8 @@ export class JuniorController {
  }

  @Post('set-theme')
-  @UseGuards(AccessTokenGuard)
+  @UseGuards(RolesGuard)
+  @AllowedRoles(Roles.JUNIOR)
  @ApiDataResponse(JuniorResponseDto)
  async setTheme(@Body() body: SetThemeRequestDto, @AuthenticatedUser() user: IJwtPayload) {
    const theme = await this.juniorService.setTheme(body, user.sub);