Authentication: Role-based access

[izzyconner]

As a developer, I want to limit access to certain endpoints of our API based on a user's role.

There are currently three roles defined:

• Employee
• Supervisor
• Breaktime admin

There should be an example on the existing backend controllers to test and refer to.

Conditions of satisfaction:

• Working example of an endpoint with full access to any authenticated user
• Working example of an endpoint with restricted access to one or more groups
• No data is returned and/or error is thrown for incorrect role/authentication

[izzyconner]

Reference thread:

https://stackoverflow.com/questions/41828359/how-do-i-access-the-group-for-a-cognito-user-account https://docs.nestjs.com/security/authorization

[izzyconner]

Sample output from the user payload:

{ sub: xxxx, 'cognito:groups': [ 'breaktime-management-role' ], .... username: 'izzyconner' }