Enable Role-Based Access Control on Backend endpoints #2262

Open
alonp99 opened this issue Mar 31, 2024 · 0 comments
Collaborator

alonp99 commented Mar 31, 2024

Task Definition

What?
Introduce Role-Based Access Control (RBAC) on the backend by adding roles decorators and guards to restrict access to certain endpoints based on user roles.

Why?
To ensure that sensitive operations (e.g., making decisions on a case) are only accessible by users with appropriate roles, enhancing security and operational integrity.

How?

  • Follow the guide provided in the reference article: Role-Based Access Control in NestJS.
  • Implement a Roles decorator to annotate endpoints with required roles.
  • Create a RolesGuard that checks authenticated users' roles against those required by an endpoint.
  • Integrate this guard with the application's global security context.

Acceptance Criteria:

  • Roles decorator and RolesGuard are implemented and functional.
  • Only users with appropriate roles can access restricted endpoints.
  • Documentation is updated to reflect how to use these new RBAC features.
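
The role check described under "How?", as an added example that is not the project's code or the referenced article's: it uses local stand-in types instead of NestJS imports so it runs on its own. The `GuardContext` shape, the `WeakMap` metadata store, the role names, and the deny-when-unannotated policy are all assumptions of this example.

```typescript
type Role = string;
type User = { id: string; roles: Role[] };
type Endpoint = (...args: unknown[]) => unknown;
// Hypothetical view of a request: the handler, its controller, the authenticated user.
type GuardContext = { handler: Endpoint; controller: object; user: User | undefined };

// Stand-in for the metadata a Roles decorator would attach to a handler or class.
const roleMetadata = new WeakMap<object, Role[]>();

// Annotate a handler or controller with the roles allowed to call it.
function Roles<T extends object>(target: T, ...roles: Role[]): T {
  roleMetadata.set(target, roles);
  return target;
}

class RolesGuard {
  canActivate(ctx: GuardContext): boolean {
    // Handler-level annotation overrides the controller-level one.
    const required = roleMetadata.get(ctx.handler) ?? roleMetadata.get(ctx.controller);
    // Assumed policy: an endpoint nobody annotated is denied, not left open.
    if (required === undefined) return false;
    const user = ctx.user;
    // No authenticated user means there are no roles to compare.
    if (user === undefined) return false;
    // An empty list means "any authenticated user".
    if (required.length === 0) return true;
    return required.some((role) => user.roles.includes(role));
  }
}

// Constructed sample: a case controller with role names invented for the example.
const caseController = Roles({}, "reviewer", "admin");
const listCases: Endpoint = () => "cases"; // inherits the controller's roles
const decideCase: Endpoint = Roles(() => "decided", "admin"); // stricter override
const unannotated: Endpoint = () => "unreachable";
const otherController = {}; // carries no annotation at all

const guard = new RolesGuard();
const reviewer: User = { id: "u1", roles: ["reviewer"] };
const admin: User = { id: "u2", roles: ["admin"] };

function allowed(handler: Endpoint, controller: object, user: User | undefined): boolean {
  return guard.canActivate({ handler, controller, user });
}

console.log("reviewer may decide:", allowed(decideCase, caseController, reviewer));
```
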