Bird
0
0

You want to create a route accessible only to users with roles 'admin' or 'manager'. Which is the best way to apply this in NestJS?

hard📝 Conceptual Q8 of 15
NestJS - Authentication
You want to create a route accessible only to users with roles 'admin' or 'manager'. Which is the best way to apply this in NestJS?
AUse @Roles('admin', 'manager') decorator and RolesGuard on the route
BCheck roles manually inside the controller method
CUse a middleware to filter roles before the controller
DAdd roles to the request object in a pipe
Step-by-Step Solution
Solution:

  1. Step 1: Identify standard NestJS role restriction method

    Using a custom @Roles decorator with RolesGuard is the recommended pattern.

  2. Step 2: Compare alternatives

    Manual checks or middleware are less clean; pipes modify data but don't enforce access.

  3. Final Answer:

    Use @Roles('admin', 'manager') decorator and RolesGuard on the route -> Option A

  4. Quick Check:

    Standard role restriction = decorator + guard [OK]
Quick Trick: Combine @Roles decorator with RolesGuard for clean access control [OK]
Common Mistakes:
  • Doing manual role checks in controllers
  • Using middleware instead of guards
  • Misusing pipes for authorization

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More NestJS Quizzes
Authentication - Why authentication secures NestJS APIs - Quiz 12easy Authentication - JWT strategy - Quiz 4medium Authentication - Protected routes with guards - Quiz 14medium Database with Prisma - Prisma Client usage - Quiz 15hard Database with Prisma - Prisma migrations - Quiz 12easy Database with Prisma - Why Prisma offers type-safe database access - Quiz 2easy Database with Prisma - Schema definition - Quiz 11easy Database with TypeORM - TypeORM module setup - Quiz 6medium Interceptors - Cache interceptor - Quiz 14medium Middleware - Middleware ordering - Quiz 4medium