Update role guards to differentiate between admin and super admin roles

2025-07-16 18:56:22 +00:00 · 2024-05-11 21:19:53 +03:00
parent e7024a5cb8
commit ea19361a59
6 changed files with 43 additions and 19 deletions
--- a/src/auth/controllers/user-auth.controller.ts
+++ b/src/auth/controllers/user-auth.controller.ts
@ -16,7 +16,7 @@ import { ResponseMessage } from '../../../libs/common/src/response/response.deco
 import { UserLoginDto } from '../dtos/user-login.dto';
 import { ForgetPasswordDto, UserOtpDto, VerifyOtpDto } from '../dtos';
 import { RefreshTokenGuard } from '@app/common/guards/jwt-refresh.auth.guard';
-import { AdminRoleGuard } from 'src/guards/admin.role.guard';
+import { SuperAdminRoleGuard } from 'src/guards/super.admin.role.guard';

@Controller({
  version: '1',
@ -52,7 +52,7 @@ export class UserAuthController {
  }

  @ApiBearerAuth()
-  @UseGuards(AdminRoleGuard)
+  @UseGuards(SuperAdminRoleGuard)
  @Delete('user/delete/:id')
  async userDelete(@Param('id') id: string) {
    await this.userAuthService.deleteUser(id);
@ -98,7 +98,7 @@ export class UserAuthController {
  }

  @ApiBearerAuth()
-  @UseGuards(AdminRoleGuard)
+  @UseGuards(SuperAdminRoleGuard)
  @Get('user/list')
  async userList() {
    const userList = await this.userAuthService.userList();
--- a/src/guards/admin.role.guard.ts
+++ b/src/guards/admin.role.guard.ts
@ -4,13 +4,13 @@ import { AuthGuard } from '@nestjs/passport';

 export class AdminRoleGuard extends AuthGuard('jwt') {
  handleRequest(err, user) {
+    if (err || !user) {
+      throw err || new UnauthorizedException();
+    } else {
      const isAdmin = user.roles.some(
        (role) =>
          role.type === RoleType.SUPER_ADMIN || role.type === RoleType.ADMIN,
      );
-    if (err || !user) {
-      throw err || new UnauthorizedException();
-    } else {
      if (!isAdmin) {
        throw new BadRequestException('Only admin role can access this route');
      }
--- a/src/guards/super.admin.role.guard.ts
+++ b/src/guards/super.admin.role.guard.ts
@ -0,0 +1,21 @@
+import { RoleType } from '@app/common/constants/role.type.enum';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+export class SuperAdminRoleGuard extends AuthGuard('jwt') {
+  handleRequest(err, user) {
+    if (err || !user) {
+      throw err || new UnauthorizedException();
+    } else {
+      const isSuperAdmin = user.roles.some(
+        (role) => role.type === RoleType.SUPER_ADMIN,
+      );
+      if (!isSuperAdmin) {
+        throw new BadRequestException(
+          'Only super admin role can access this route',
+        );
+      }
+    }
+    return user;
+  }
+}
--- a/src/guards/user.role.guard.ts
+++ b/src/guards/user.role.guard.ts
@ -4,15 +4,15 @@ import { AuthGuard } from '@nestjs/passport';

 export class UserRoleGuard extends AuthGuard('jwt') {
  handleRequest(err, user) {
+    if (err || !user) {
+      throw err || new UnauthorizedException();
+    } else {
      const isUserOrAdmin = user.roles.some(
        (role) =>
          role.type === RoleType.SUPER_ADMIN ||
          role.type === RoleType.ADMIN ||
          role.type === RoleType.USER,
      );
-    if (err || !user) {
-      throw err || new UnauthorizedException();
-    } else {
      if (!isUserOrAdmin) {
        throw new BadRequestException(
          'Only admin or user role can access this route',
--- a/src/role/controllers/role.controller.ts
+++ b/src/role/controllers/role.controller.ts
@ -11,7 +11,7 @@ import {
 import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
 import { RoleService } from '../services/role.service';
 import { UserRoleEditDto } from '../dtos';
-import { AdminRoleGuard } from 'src/guards/admin.role.guard';
+import { SuperAdminRoleGuard } from 'src/guards/super.admin.role.guard';

@ApiTags('Role Module')
@Controller({
@ -21,7 +21,7 @@ import { AdminRoleGuard } from 'src/guards/admin.role.guard';
 export class RoleController {
  constructor(private readonly roleService: RoleService) {}
  @ApiBearerAuth()
-  @UseGuards(AdminRoleGuard)
+  @UseGuards(SuperAdminRoleGuard)
  @Get('types')
  async fetchRoleTypes() {
    try {
@ -36,7 +36,7 @@ export class RoleController {
    }
  }
  @ApiBearerAuth()
-  @UseGuards(AdminRoleGuard)
+  @UseGuards(SuperAdminRoleGuard)
  @Put('edit/user/:userUuid')
  async editUserRoleType(
    @Param('userUuid') userUuid: string,
--- a/src/role/dtos/role.edit.dto.ts
+++ b/src/role/dtos/role.edit.dto.ts
@ -1,13 +1,16 @@
 import { RoleType } from '@app/common/constants/role.type.enum';
 import { ApiProperty } from '@nestjs/swagger';
-import { IsEnum } from 'class-validator';
+import { IsEnum, IsIn } from 'class-validator';

 export class UserRoleEditDto {
  @ApiProperty({
-    description: 'role type',
-    enum: RoleType,
+    description: 'Role type (USER or ADMIN)',
+    enum: [RoleType.USER, RoleType.ADMIN],
    required: true,
  })
  @IsEnum(RoleType)
+  @IsIn([RoleType.USER, RoleType.ADMIN], {
+    message: 'roleType must be one of the following values: USER, ADMIN',
+  })
  roleType: RoleType;
 }