mahi/Goa-gel-fullstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9de183e51124bd38da738e4c63fbb7a0a698e35
Goa-gel-fullstack/backend/src/common/guards/roles.guard.ts
Mahi d9de183e51 feat: Runtime configuration and Docker deployment improvements 
Frontend:
- Add runtime configuration service for deployment-time API URL injection
- Create docker-entrypoint.sh to generate config.json from environment variables
- Update ApiService, ApprovalService, and DocumentViewer to use RuntimeConfigService
- Add APP_INITIALIZER to load runtime config before app starts

Backend:
- Fix init-blockchain.js to properly quote mnemonic phrases in .env file
- Improve docker-entrypoint.sh with health checks and better error handling

Docker:
- Add API_BASE_URL environment variable to frontend container
- Update docker-compose.yml with clear documentation for remote deployment
- Reorganize .env.example with clear categories (REQUIRED FOR REMOTE, PRODUCTION, AUTO-GENERATED)

Workflow fixes:
- Fix DepartmentApproval interface to match backend schema
- Fix stage transformation for 0-indexed stageOrder
- Fix workflow list to show correct stage count from definition.stages

Cleanup:
- Move development artifacts to .trash directory
- Remove root-level package.json (was only for utility scripts)
- Add .trash/ to .gitignore
2026-02-08 18:45:01 -04:00

46 lines
1.3 KiB
TypeScript
Raw Blame History

import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { UserRole } from '../enums';
import { ERROR_CODES } from '../constants';
export const ROLES_KEY = 'roles';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(ROLES_KEY, [
context.getHandler(),
context.getClass(),
]);
if (!requiredRoles) {
return true;
}
const request = context.switchToHttp().getRequest();
const user = request.user;
if (!user || !user.role) {
throw new ForbiddenException({
code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
message: 'Access denied',
});
}
// Map CITIZEN role to APPLICANT for backwards compatibility
const normalizedUserRole = user.role === 'CITIZEN' ? UserRole.APPLICANT : user.role;
const hasRole = requiredRoles.some(role => normalizedUserRole === role);
if (!hasRole) {
throw new ForbiddenException({
code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
message: 'You do not have permission to perform this action',
});
}
return true;
}
}
Reference in New Issue View Git Blame Copy Permalink