[Solved] Given this RolesGuard code, what will happen if a user with role 'guest' tries to access a route requiring 'admin' role?... return requiredRoles.some(role => user.roles?.includes(role)); | NestJS

NestJS - Authentication

Given this RolesGuard code, what will happen if a user with role 'guest' tries to access a route requiring 'admin' role?

canActivate(context: ExecutionContext) {
  const requiredRoles = this.reflector.getAllAndOverride('roles', [context.getHandler(), context.getClass()]);
  const { user } = context.switchToHttp().getRequest();
  return requiredRoles.some(role => user.roles?.includes(role));
}

AAn error occurs due to missing roles property

BAccess is denied because 'guest' role is not in requiredRoles

CAccess is granted because any role is accepted

DAccess is granted only if user has 'guest' role

Step-by-Step Solution

Solution:

Step 1: Understand the guard logic
The guard checks if user roles include any required role using some() method.
Step 2: Analyze user role vs required role
User has 'guest', required is 'admin'; 'guest' is not included, so some() returns false.
Final Answer:
Access is denied because 'guest' role is not in requiredRoles -> Option B
Quick Check:
Role mismatch = access denied [OK]

Quick Trick: User roles must match required roles exactly [OK]

Common Mistakes:

Assuming any role grants access
Ignoring role check logic
Thinking missing roles cause errors

Master "Authentication" in NestJS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Perf

More NestJS Quizzes

Given this RolesGuard code, what will happen if a user with role 'guest' tries to access a route requiring 'admin' role?

Step 1: Understand the guard logic

Step 2: Analyze user role vs required role

Final Answer:

Quick Check:

Want More Practice?