Closed gleidsonlm closed 1 year ago
Need to implement the JWT and Roles guards in /users/ as well, ensuring users can only Patch, Update, and Exclude themselves.
Although the implementation is functioning as designed so far, there is some problem in our testing setup with Mongoose.MongoDB.Types when using InMemory DB. Reported in #7, but will not block the development.
Moving forward to implement Roles, likely using Guards.
Resolved previous problems, working on implementing the Roles guard.
Roles guard implemented, trying to fix the issue related to the requiredRoles ['admin','staff'] against userRoles [{enum: 'staff'}].
The current implementation of roles as part of User entity is not FAD, and worse, it's not supporting our idea for how the end-user will control access with them. I'll start anew, but trying Roles as a module related to the User. That will also support us in the future to implement an ACL approach for authorization.
Implemented roles guard successfully, adding another layer to the JWT authorization guard. Tests are not functioning right now. Ideally, we would implement a mock user with the proper authorization. We'll defer this for https://github.com/users/gleidsonlm/projects/1/views/1?pane=issue&itemId=18662145.
Current features of 0.1.0:
Users should only be able to reach endpoints and execute methods they are allowed. NestJS Guards could fulfill this requirement. https://docs.nestjs.com/guards
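The role comparison and self-only rule discussed in this thread, as an added example that is not the project's own code: framework-free decision logic that a guard's `canActivate()` could delegate to. The names `AuthUser`, `RouteRequest`, `normalizeRoles`, `hasRequiredRole` and `canAccessUserRoute` are hypothetical, and the role shapes are assumed from the `requiredRoles ['admin','staff']` / `userRoles [{enum: 'staff'}]` values quoted above.

```typescript
// Roles may arrive as plain strings or as objects like {enum: 'staff'} (shape assumed from the thread).
type RoleEntry = string | { enum: string };

interface AuthUser { id: string; roles: RoleEntry[] }          // hypothetical: user taken from the verified JWT
interface RouteRequest { method: string; targetUserId: string; user?: AuthUser }

// Flatten both role shapes to lowercase strings so the comparison is string-to-string.
// Comparing 'staff' directly against {enum: 'staff'} never matches, so every request is denied.
function normalizeRoles(roles: RoleEntry[] | undefined): string[] {
  return (roles ?? [])
    .map((r) => (typeof r === 'string' ? r : r.enum))
    .filter((r) => typeof r === 'string' && r.length > 0)
    .map((r) => r.toLowerCase());
}

// True when the user holds at least one of the roles the route requires.
function hasRequiredRole(requiredRoles: string[], user?: AuthUser): boolean {
  if (!user) return false;                        // no authenticated user: deny by default
  if (requiredRoles.length === 0) return true;    // route declares no role requirement
  const owned = new Set(normalizeRoles(user.roles));
  return requiredRoles.some((r) => owned.has(r.toLowerCase()));
}

// Methods on /users/:id that a user may only run against their own record.
const SELF_ONLY_METHODS = new Set(['PATCH', 'PUT', 'DELETE']);

// Role check first, then the ownership check for mutating methods.
function canAccessUserRoute(req: RouteRequest, requiredRoles: string[]): boolean {
  const user = req.user;
  if (!user || !hasRequiredRole(requiredRoles, user)) return false;
  if (!SELF_ONLY_METHODS.has(req.method.toUpperCase())) return true;
  return user.id === req.targetUserId;            // the id comes from the token, never from the body
}

// Constructed sample data, not taken from the project.
const sampleUser: AuthUser = { id: 'u1', roles: [{ enum: 'staff' }] };
const sampleOwn: RouteRequest = { method: 'PATCH', targetUserId: 'u1', user: sampleUser };
const sampleOther: RouteRequest = { method: 'PATCH', targetUserId: 'u2', user: sampleUser };

console.log(canAccessUserRoute(sampleOwn, ['admin', 'staff']));
console.log(canAccessUserRoute(sampleOther, ['admin', 'staff']));
```

In a NestJS guard, `requiredRoles` would come from route metadata and `user` from the request object populated by the JWT guard that runs before it.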