0
0
NestJSframework~20 mins

Role-based guards in NestJS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Role-based Guard Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the output of this NestJS guard when a user with role 'user' tries to access?

Consider this role-based guard in NestJS that allows access only to users with the 'admin' role.

import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';

@Injectable()
export class RolesGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const user = request.user;
    return user?.roles?.includes('admin');
  }
}

If a request has user.roles = ['user'], what will the guard return?

Atrue
Bfalse
Cundefined
Dthrows a runtime error
Attempts:
2 left
💡 Hint

Check if the roles array includes 'admin'.

📝 Syntax
intermediate
2:00remaining
Which option correctly applies a RolesGuard to a controller method in NestJS?

Given a RolesGuard class, which of the following code snippets correctly applies it to a controller method?

A
@UseGuards(RolesGuard)
@Get('admin')
getAdminData() { return 'data'; }
B
@UseGuard(RolesGuard)
@Get('admin')
getAdminData() { return 'data'; }
C
@UseGuards(RolesGuard())
@Get('admin')
getAdminData() { return 'data'; }
D
@UseGuards('RolesGuard')
@Get('admin')
getAdminData() { return 'data'; }
Attempts:
2 left
💡 Hint

Check the correct decorator name and usage syntax.

🔧 Debug
advanced
3:00remaining
Why does this RolesGuard always deny access even for 'admin' users?

Examine this RolesGuard code:

import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';

@Injectable()
export class RolesGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const user = request.user;
    if (!user) return false;
    if (user.roles === 'admin') {
      return true;
    }
    return false;
  }
}

Users have roles as an array of strings, e.g., ['admin']. Why does this guard deny access to admins?

ABecause the guard never returns true
BBecause request.user is undefined
CBecause it compares an array to a string with ===, which is always false
DBecause the guard is missing @Injectable decorator
Attempts:
2 left
💡 Hint

Check how roles are compared.

state_output
advanced
2:00remaining
What is the value of 'hasAccess' after running this guard with user roles ['editor', 'admin']?

Given this guard snippet:

canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  const user = request.user;
  const allowedRoles = ['admin', 'superuser'];
  const hasAccess = user.roles.some(role => allowedRoles.includes(role));
  return hasAccess;
}

If user.roles = ['editor', 'admin'], what is the value of hasAccess?

Atrue
Bundefined
Cthrows a TypeError
Dfalse
Attempts:
2 left
💡 Hint

Check if any user role matches allowedRoles.

🧠 Conceptual
expert
2:30remaining
Which statement best describes the purpose of role-based guards in NestJS?

Choose the most accurate description of role-based guards in NestJS.

AThey replace the need for authentication by verifying user identity
BThey automatically assign roles to users when they log in
CThey encrypt user roles to secure them in the database
DThey restrict access to routes based on user roles by checking roles during request handling
Attempts:
2 left
💡 Hint

Think about what guards do in NestJS.