src/common/guards/roles.guard.ts

import {
  Injectable,
  CanActivate,
  ExecutionContext,
  ForbiddenException,
} from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { ROLES_KEY } from "../decorators/roles.decorator";
import { UserRole } from "../enums";
import { ErrorCode, ErrorMessage } from "../interfaces/response.interface";

/**
 * 角色守卫
 * 检查用户是否拥有所需的角色
 */
@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
      ROLES_KEY,
      [context.getHandler(), context.getClass()],
    );

    if (!requiredRoles) {
      return true;
    }

    const { user } = context.switchToHttp().getRequest();

    if (!user) {
      throw new ForbiddenException({
        code: ErrorCode.UNAUTHORIZED,
        message: ErrorMessage[ErrorCode.UNAUTHORIZED],
      });
    }

    const hasRole = requiredRoles.some((role) => user.role === role);

    if (!hasRole) {
      throw new ForbiddenException({
        code: ErrorCode.NO_PERMISSION,
        message: ErrorMessage[ErrorCode.NO_PERMISSION],
      });
    }

    return true;
  }
}
chore: 代码风格统一和项目文档添加主要变更： 1. 代码风格统一 - 统一使用双引号替代单引号 - 保持项目代码风格一致性 - 涵盖所有模块、配置、实体和服务文件 2. 项目文档 - 新增 SECURITY_FIXES_SUMMARY.md - 安全修复总结文档 - 新增项目问题评估报告.md - 项目问题评估文档 3. 包含修改的文件类别 - 配置文件：app, database, jwt, redis, cache, performance - 实体文件：所有 TypeORM 实体 - 模块文件：所有业务模块 - 公共模块：guards, decorators, interceptors, filters, utils - 测试文件：单元测试和 E2E 测试 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-01-28 13:03:28 +08:00			`import {`
			`Injectable,`
			`CanActivate,`
			`ExecutionContext,`
			`ForbiddenException,`
			`} from "@nestjs/common";`
			`import { Reflector } from "@nestjs/core";`
			`import { ROLES_KEY } from "../decorators/roles.decorator";`
			`import { UserRole } from "../enums";`
			`import { ErrorCode, ErrorMessage } from "../interfaces/response.interface";`
初始化游戏小组管理系统后端项目 - 基于 NestJS + TypeScript + MySQL + Redis 架构 - 完整的模块化设计（认证、用户、小组、游戏、预约等） - JWT 认证和 RBAC 权限控制系统 - Docker 容器化部署支持 - 添加 CLAUDE.md 项目开发指南 - 配置 .gitignore 忽略文件 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-01-28 10:42:06 +08:00
			`/**`
			`* 角色守卫`
			`* 检查用户是否拥有所需的角色`
			`*/`
			`@Injectable()`
			`export class RolesGuard implements CanActivate {`
			`constructor(private reflector: Reflector) {}`

			`canActivate(context: ExecutionContext): boolean {`
			`const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(`
			`ROLES_KEY,`
			`[context.getHandler(), context.getClass()],`
			`);`

			`if (!requiredRoles) {`
			`return true;`
			`}`

			`const { user } = context.switchToHttp().getRequest();`

			`if (!user) {`
			`throw new ForbiddenException({`
			`code: ErrorCode.UNAUTHORIZED,`
			`message: ErrorMessage[ErrorCode.UNAUTHORIZED],`
			`});`
			`}`

			`const hasRole = requiredRoles.some((role) => user.role === role);`

			`if (!hasRole) {`
			`throw new ForbiddenException({`
			`code: ErrorCode.NO_PERMISSION,`
			`message: ErrorMessage[ErrorCode.NO_PERMISSION],`
			`});`
			`}`

			`return true;`
			`}`
			`}`