import { CanActivate, ExecutionContext, ForbiddenException, Injectable, Logger } from '@nestjs/common';

import { UsersService } from '../../users/services/users.service';
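/**
 * Route guard that admits only callers holding the `admin` or `merchant`
 * client role.
 *
 * The guard reads `request.user` and passes `user.sub` to
 * `UsersService.getUserClientRoles`. It presumably relies on an earlier
 * authentication step to populate `request.user`; that step is not visible
 * in this file.
 *
 * Every failure path throws `ForbiddenException`, so the guard fails closed:
 * a missing user, a missing role, and a failed role lookup all deny access.
 */
@Injectable()
export class MerchantGuard implements CanActivate {
  // Records role-lookup failures server-side; the client only sees a generic 403.
  private readonly logger = new Logger(MerchantGuard.name);

  constructor(private readonly usersService: UsersService) {}

  /**
   * Decides whether the current HTTP request may proceed.
   *
   * @param context Nest execution context for the incoming request.
   * @returns `true` when the caller holds the `admin` or `merchant` role.
   * @throws ForbiddenException when no user is attached to the request, when
   *   the role lookup fails, or when neither required role is present.
   */
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
    const user = request.user;

    if (!user) {
      throw new ForbiddenException('User not authenticated');
    }

    // NOTE(review): user.sub is passed through unchecked; confirm that the
    // authentication layer always sets it and that the service rejects an
    // undefined subject.
    let hasMerchantAccess: boolean;
    try {
      const userRoles = await this.usersService.getUserClientRoles(user.sub);

      // Allow admins and merchants.
      hasMerchantAccess = userRoles.includes('admin') || userRoles.includes('merchant');
    } catch (error) {
      // Only lookup failures land here. The denial below sits outside the
      // try so its message is no longer replaced by this generic one.
      this.logger.error(
        'Role lookup failed while verifying merchant permissions',
        error instanceof Error ? error.stack : String(error),
      );
      throw new ForbiddenException('Failed to verify merchant permissions');
    }

    if (!hasMerchantAccess) {
      throw new ForbiddenException('Merchant access required');
    }

    return true;
  }
}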