NestJS - Authentication
Why might this RolesGuard fail to restrict access properly?
canActivate(context: ExecutionContext) {
const roles = this.reflector.getAllAndOverride('roles', [context.getHandler(), context.getClass()]);
const user = context.switchToHttp().getRequest().user;
if (!roles) return false;
return roles.some(role => user.roles.includes(role));
}