backend/src/common/guards/roles.guard.ts

import {
  Injectable,
  CanActivate,
  ExecutionContext,
  ForbiddenException,
} from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { UserRole } from '../enums';
import { ERROR_CODES } from '../constants';

export const ROLES_KEY = 'roles';

@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(ROLES_KEY, [
      context.getHandler(),
      context.getClass(),
    ]);

    if (!requiredRoles) {
      return true;
    }

    const request = context.switchToHttp().getRequest();
    const user = request.user;

    if (!user || !user.role) {
      throw new ForbiddenException({
        code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
        message: 'Access denied',
      });
    }

    const hasRole = requiredRoles.some((role) => user.role === role);

    if (!hasRole) {
      throw new ForbiddenException({
        code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
        message: 'You do not have permission to perform this action',
      });
    }

    return true;
  }
}
feat: Goa GEL Blockchain e-Licensing Platform - Full Stack Implementation Complete implementation of the Goa Government e-Licensing platform with: Backend: - NestJS API with JWT authentication - PostgreSQL database with Knex ORM - Redis caching and session management - MinIO document storage - Hyperledger Besu blockchain integration - Multi-department workflow system - Comprehensive API tests (266/282 passing) Frontend: - Angular 21 with standalone components - Angular Material + TailwindCSS UI - Visual workflow builder - Document upload with progress tracking - Blockchain explorer integration - Role-based dashboards (Admin, Department, Citizen) - E2E tests with Playwright (37 tests) Infrastructure: - Docker Compose orchestration - Blockscout blockchain explorer - Development and production configurations 2026-02-07 10:23:29 -04:00			`import {`
			`Injectable,`
			`CanActivate,`
			`ExecutionContext,`
			`ForbiddenException,`
			`} from '@nestjs/common';`
			`import { Reflector } from '@nestjs/core';`
			`import { UserRole } from '../enums';`
			`import { ERROR_CODES } from '../constants';`

			`export const ROLES_KEY = 'roles';`

			`@Injectable()`
			`export class RolesGuard implements CanActivate {`
			`constructor(private reflector: Reflector) {}`

			`canActivate(context: ExecutionContext): boolean {`
			`const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(ROLES_KEY, [`
			`context.getHandler(),`
			`context.getClass(),`
			`]);`

			`if (!requiredRoles) {`
			`return true;`
			`}`

			`const request = context.switchToHttp().getRequest();`
			`const user = request.user;`

			`if (!user \|\| !user.role) {`
			`throw new ForbiddenException({`
			`code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,`
			`message: 'Access denied',`
			`});`
			`}`

			`const hasRole = requiredRoles.some((role) => user.role === role);`

			`if (!hasRole) {`
			`throw new ForbiddenException({`
			`code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,`
			`message: 'You do not have permission to perform this action',`
			`});`
			`}`

			`return true;`
			`}`
			`}`