gleidsonlm / angelon-api

AngelOn API is the backend implementation for the AngelOn application.

Authorize endpoints and methods. #5

Closed gleidsonlm closed 1 year ago

gleidsonlm commented 1 year ago

Users should only be able to reach endpoints and execute methods they are allowed. Nestjs Guards could fulfill this requirement. https://docs.nestjs.com/guards

gleidsonlm commented 1 year ago

Need to implement the JWT and Roles guards in /users/ as well, ensuring users can only Patch, Update, and Exclude themselves.

gleidsonlm commented 1 year ago

Although implementation is functioning as designed so far, there is some problem in our testing setup with Mongoose.MongoDB.Types when using InMemory DB. Reported in #7, but will not block the development.

Moving forward to implement Roles, likely using Guards.

gleidsonlm commented 1 year ago

Resolved previous problems, working on implementing the Roles guard.

gleidsonlm commented 1 year ago

Roles guard implemented, trying to fix the issue related to the requiredRoles ['admin','staff'] against userRoles [{enum: 'staff'}].
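
The comparison problem described above (string role names from the handler's metadata against user roles stored as objects like `{enum: 'staff'}`) is easiest to solve by normalising both sides before comparing. The block below is an added example, not code from angelon-api; the function names, the `StoredRole` type and the `request.user.roles` shape are assumptions, and it deliberately avoids importing `@nestjs/common` so it runs stand-alone.

```typescript
// Role values as they may appear on the User document: plain strings or
// objects carrying the role name in an `enum` field (assumed shape).
type StoredRole = string | { enum: string };

// Collapse whatever the User document stores into plain role names,
// dropping anything that is not a non-empty string.
function normalizeRoles(userRoles: ReadonlyArray<StoredRole> | undefined): string[] {
  if (!userRoles) return [];
  return userRoles
    .map((r) => (typeof r === 'string' ? r : r?.enum))
    .filter((r): r is string => typeof r === 'string' && r.length > 0);
}

// True only if the user holds at least one of the roles the handler requires.
// A handler with no @Roles() metadata is treated as not role-restricted,
// matching the NestJS docs pattern; JWT authentication still applies to it.
function hasRequiredRole(
  requiredRoles: ReadonlyArray<string> | undefined,
  userRoles: ReadonlyArray<StoredRole> | undefined,
): boolean {
  if (!requiredRoles || requiredRoles.length === 0) return true;
  const held = new Set(normalizeRoles(userRoles));
  return requiredRoles.some((role) => held.has(role));
}

// What a RolesGuard.canActivate() would do with the HTTP request (hypothetical
// helper): the JWT guard must already have attached request.user, otherwise deny.
function canActivateRequest(
  requiredRoles: string[] | undefined,
  request: { user?: { roles?: StoredRole[] } },
): boolean {
  if (!request.user) return false;
  return hasRequiredRole(requiredRoles, request.user.roles);
}
```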

gleidsonlm commented 1 year ago

The current implementation of roles as part of the User entity is not FAD, and worse, it's not supporting our idea for how the end-user will control access with them. I'll start anew, but trying Roles as a module related to the User. That will also support us in the future to implement an ACL approach for authorization.

gleidsonlm commented 1 year ago

Implemented roles guard successfully, adding another layer to the JWT authorization guard. Tests are not functioning right now. Ideally, we would implement a mock user with the proper authorization. We'll defer this for https://github.com/users/gleidsonlm/projects/1/views/1?pane=issue&itemId=18662145.

gleidsonlm commented 1 year ago

Current features of 0.1.0: