src/common/guards/roles.guard.ts

import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { ROLES_KEY } from '../decorators/roles.decorator';
import { UserRole } from '../enums';
import { ErrorCode, ErrorMessage } from '../interfaces/response.interface';

/**
 * 角色守卫
 * 检查用户是否拥有所需的角色
 */
@Injectable()
export class RolesGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
      ROLES_KEY,
      [context.getHandler(), context.getClass()],
    );

    if (!requiredRoles) {
      return true;
    }

    const { user } = context.switchToHttp().getRequest();

    if (!user) {
      throw new ForbiddenException({
        code: ErrorCode.UNAUTHORIZED,
        message: ErrorMessage[ErrorCode.UNAUTHORIZED],
      });
    }

    const hasRole = requiredRoles.some((role) => user.role === role);

    if (!hasRole) {
      throw new ForbiddenException({
        code: ErrorCode.NO_PERMISSION,
        message: ErrorMessage[ErrorCode.NO_PERMISSION],
      });
    }

    return true;
  }
}
初始化游戏小组管理系统后端项目 - 基于 NestJS + TypeScript + MySQL + Redis 架构 - 完整的模块化设计（认证、用户、小组、游戏、预约等） - JWT 认证和 RBAC 权限控制系统 - Docker 容器化部署支持 - 添加 CLAUDE.md 项目开发指南 - 配置 .gitignore 忽略文件 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-01-28 10:42:06 +08:00			`import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';`
			`import { Reflector } from '@nestjs/core';`
			`import { ROLES_KEY } from '../decorators/roles.decorator';`
			`import { UserRole } from '../enums';`
			`import { ErrorCode, ErrorMessage } from '../interfaces/response.interface';`

			`/**`
			`* 角色守卫`
			`* 检查用户是否拥有所需的角色`
			`*/`
			`@Injectable()`
			`export class RolesGuard implements CanActivate {`
			`constructor(private reflector: Reflector) {}`

			`canActivate(context: ExecutionContext): boolean {`
			`const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(`
			`ROLES_KEY,`
			`[context.getHandler(), context.getClass()],`
			`);`

			`if (!requiredRoles) {`
			`return true;`
			`}`

			`const { user } = context.switchToHttp().getRequest();`

			`if (!user) {`
			`throw new ForbiddenException({`
			`code: ErrorCode.UNAUTHORIZED,`
			`message: ErrorMessage[ErrorCode.UNAUTHORIZED],`
			`});`
			`}`

			`const hasRole = requiredRoles.some((role) => user.role === role);`

			`if (!hasRole) {`
			`throw new ForbiddenException({`
			`code: ErrorCode.NO_PERMISSION,`
			`message: ErrorMessage[ErrorCode.NO_PERMISSION],`
			`});`
			`}`

			`return true;`
			`}`
			`}`