NestJSframework~30 mins

Role-based guards in NestJS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Role-based Guards in NestJS

📖 Scenario: You are building a simple NestJS backend for a company. Different users have different roles like admin and user. You want to protect certain routes so only users with the right role can access them.

🎯 Goal: Create a role-based guard in NestJS that checks if a user has the required role before allowing access to a route.

📋 What You'll Learn

Create a roles array to hold user roles

Create a constant for the required role

Implement a guard class that checks user roles

Apply the guard to a controller route

💡 Why This Matters

🌍 Real World

Role-based guards are used in real applications to restrict access to certain parts of a backend API based on user permissions.

💼 Career

Understanding role-based guards is essential for backend developers working with NestJS to build secure and maintainable applications.

Progress0 / 4 steps

Create a roles array

Create a constant array called roles with the exact values 'admin' and 'user'.

NestJS

# Create a constant array called roles with 'admin' and 'user'
# Your code here

Need a hint?

Use const roles = ['admin', 'user']; to create the array.

Create a required role constant

Create a constant called requiredRole and set it to the string 'admin'.

NestJS

const roles = ['admin', 'user'];
# Create a constant called requiredRole and set it to 'admin'
# Your code here

Need a hint?

Use const requiredRole = 'admin'; to set the required role.

Implement the role guard class

Create a class called RolesGuard that implements CanActivate. Inside, write a canActivate method that takes context and returns true only if requiredRole is included in roles.

NestJS

const roles = ['admin', 'user'];
const requiredRole = 'admin';

# Create RolesGuard class implementing CanActivate
# Add canActivate method checking if requiredRole is in roles
# Your code here

Need a hint?

Use roles.includes(requiredRole) inside canActivate to check the role.

Apply the guard to a controller route

In a controller class called AppController, create a method getAdminData decorated with @Get('admin') and @UseGuards(RolesGuard). The method should return the string 'Admin content'.

NestJS

const roles = ['admin', 'user'];
const requiredRole = 'admin';

import { CanActivate, ExecutionContext, Injectable, Controller, Get, UseGuards } from '@nestjs/common';

@Injectable()
export class RolesGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    return roles.includes(requiredRole);
  }
}

# Create AppController class
# Add getAdminData method with @Get('admin') and @UseGuards(RolesGuard)
# Return 'Admin content' from getAdminData
# Your code here

Need a hint?

Use @UseGuards(RolesGuard) above the method to protect the route.