feat: Added methods for organization

2026-03-11 21:47:35 +05:45
parent 6fc494687a
commit 349196b801
24 changed files with 504 additions and 189 deletions
--- a/src/auth/decorators/authorization.decorator.ts
+++ b/src/auth/decorators/authorization.decorator.ts
@@ -0,0 +1,16 @@
+import { applyDecorators, SetMetadata, UseGuards } from "@nestjs/common";
+import { CAN_PERFORM_KEY } from "common/keys";
+import { ORG_ROLE } from "prisma/generated/prisma/enums";
+import { AuthorizationGuard } from "../guards";
+
+/*
+ *Is this user part of the organization (And optionally, has required role)
+ * */
+
+export function Authorization(role?: ORG_ROLE[]) {
+  return applyDecorators(
+    SetMetadata(CAN_PERFORM_KEY, role),
+    UseGuards(AuthorizationGuard)
+  )
+}
+//export const Authorization = (role?: ORG_ROLE[]) => SetMetadata(CAN_PERFORM_KEY, role)
--- a/src/auth/decorators/index.ts
+++ b/src/auth/decorators/index.ts
@@ -1,2 +1,3 @@
 export * from './public.decorator';
 export * from './role.decorator';
+export * from './authorization.decorator';
--- a/src/auth/decorators/role.decorator.ts
+++ b/src/auth/decorators/role.decorator.ts
@@ -1,4 +1,6 @@
 import { SetMetadata } from '@nestjs/common';
-import { ROLE_KEY } from 'common/keys';
+import { ORG_ROLE_KEY, ROLE_KEY } from 'common/keys';

 export const Roles = (role: string) => SetMetadata(ROLE_KEY, role);
+
+export const OrgRole = (role: string) => SetMetadata(ORG_ROLE_KEY, role);
--- a/src/auth/guards/authorization.guard.ts
+++ b/src/auth/guards/authorization.guard.ts
@@ -0,0 +1,57 @@
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+  UnauthorizedException
+} from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { CAN_PERFORM_KEY } from "common/keys";
+import { RequestContextService } from "core/als/request-context.service";
+import { ORG_ROLE } from "prisma/generated/prisma/enums";
+import { PrismaService } from "src/prisma/prisma.service";
+
+@Injectable()
+export class AuthorizationGuard implements CanActivate {
+  constructor(
+    private readonly reqeustContext: RequestContextService,
+    private readonly reflector: Reflector,
+    private readonly prisma: PrismaService,
+  ) { };
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const requiredRole = this.reflector.getAllAndOverride<ORG_ROLE[] | undefined>(
+      CAN_PERFORM_KEY,
+      [context.getHandler(), context.getClass()]
+    )
+
+    const userId = this.reqeustContext.user.userId;
+    if (!userId)
+      throw new UnauthorizedException()
+
+    const request = context.switchToHttp().getRequest()
+    const orgId = request.params.orgId;
+
+    if (!orgId)
+      throw new BadRequestException()
+
+    const userIsPartOfOrg = await this.prisma.organizationUserJoinTable.findUnique({
+      where: {
+        userId_orgId: {
+          userId,
+          orgId
+        },
+        ...(requiredRole ? { role: { in: requiredRole } } : {})
+      },
+      select: {
+        userId: true
+      }
+    })
+    if (!userIsPartOfOrg)
+      throw new ForbiddenException()
+
+    this.reqeustContext.orgId = orgId;
+    return true;
+  }
+}
--- a/src/auth/guards/index.ts
+++ b/src/auth/guards/index.ts
@@ -0,0 +1 @@
+export * from "./authorization.guard"
--- a/src/auth/guards/rbac.guard.ts
+++ b/src/auth/guards/rbac.guard.ts
@@ -11,7 +11,7 @@ export class RbacGuard implements CanActivate {
  constructor(
    private readonly reflector: Reflector,
    private readonly requestContext: RequestContextService,
-  ) {}
+  ) { }
  canActivate(context: ExecutionContext) {
    const requiredRole = this.reflector.getAllAndOverride<string>(ROLE_KEY, [
      context.getHandler(),