Open CanKattwinkel opened 6 years ago
From the code, it looks like the auth guards are currently just checking to see if the user is logged in or not. It would be useful to see how the admin section could just be restricted to a specific user role.
Thank you for sharing this code. This has been very helpful for understanding how to implement JWT authentication and authorization with a NestJS project.
Inspiration: https://github.com/zelazna/NestAPI/blob/da1bfcd32223bcbec26e190aee4742430669927b/src/common/guards/roles.guard.ts
The system may have to allow fine-grained authorizations from the outset. So when starting working on this, take a look at how other projects handle this.
Fixed when: