refactor: 重构项目目录与代码结构,清理冗余文件
本次提交进行了大规模的项目结构调整: 1. 调整文件目录归属,将模块代码按功能域重新组织 2. 删除多处冗余的DTO、实体类和模块文件 3. 统一了常量、装饰器、工具类的存放位置 4. 修复了`.gitignore`的日志目录匹配规则 5. 新增了健康检查、认证、用户、剧集、订单等核心业务模块
This commit is contained in:
54
guards/permissions.guard.ts
Normal file
54
guards/permissions.guard.ts
Normal file
@@ -0,0 +1,54 @@
|
||||
import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
|
||||
import { Reflector } from '@nestjs/core';
|
||||
import { Request } from 'express';
|
||||
import {
|
||||
REQUIRED_PERMISSIONS_METADATA,
|
||||
} from '../decorators/require-permissions.decorator';
|
||||
import { AdminUserRecord } from '../interfaces/admin-records.interface';
|
||||
import { AdminService } from '../admin.service';
|
||||
|
||||
@Injectable()
|
||||
export class PermissionsGuard implements CanActivate {
|
||||
constructor(
|
||||
private readonly reflector: Reflector,
|
||||
private readonly adminService: AdminService,
|
||||
) {}
|
||||
|
||||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||
const required =
|
||||
this.reflector.getAllAndOverride<string[]>(
|
||||
REQUIRED_PERMISSIONS_METADATA,
|
||||
[context.getHandler(), context.getClass()],
|
||||
) ?? [];
|
||||
|
||||
if (required.length === 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const request = context
|
||||
.switchToHttp()
|
||||
.getRequest<Request & { adminUser?: AdminUserRecord }>();
|
||||
const adminUser = request.adminUser;
|
||||
|
||||
if (!adminUser) {
|
||||
throw new ForbiddenException('No permission');
|
||||
}
|
||||
|
||||
if (adminUser.isSuperAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const permissions = await this.adminService.getPermissionCodesForAdmin(
|
||||
adminUser.id,
|
||||
);
|
||||
const allowed = required.every((permission) =>
|
||||
permissions.includes(permission),
|
||||
);
|
||||
|
||||
if (!allowed) {
|
||||
throw new ForbiddenException('No permission');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user