Controllers

This option enables exposing a set of authorization related endpoints, which helps the client side to manage the roles and permissions effectively.

Operation Mode

The endpoints are divided into two types, Prisma Based or Discovery Based.

Discovery Based

When operating in this mode, all the permissions provided for the controllers and methods using SetPermission decorator will be collected and used as source of truth instead of relying on a database.

Endpoints

Operating in this mode will provide two endpoints, documented here

Prisma Based

This mode will rely on a database to store, retrieve and update the available permissions. In order to enable this mode a Prisma client injection token should be provided in the features object.

How to enable it

To enable it you have two fulfill two steps:

1. Provide a Prisma client injection token inside the features object

2. Add the following to your Prisma schema file

   model User {
       id String @id @default(uuid())
       roles Role[]
   }
   
   model Role {
       id          String       @id @default(uuid())
       name        String
       users       User[]
       permissions Permission[]
   }
   
   model Permission {
       id   String @id @default(uuid())
       name String @unique
       roles Role[]
   }

Finishing the previous two steps will enable the module to operate in Prisma Based mode.

Endpoints

This mode will expose six endpoints documented here

Permissions

To manage endpoint access, a comprehensive set of permissions can be provided. as the following example

AuthorizationModule.registerAsync({
    features: {
        globalAuthorizationGuard: false,
        controllers: {
            permissions: ['authorization:update']
            decorators: [/** Your Decorators */],
            guards: [/** Your Guards */]
        },
        prisma: { client: PrismaClient },
        propertyPermission: true,
        swagger: true,
        
        /** Retrieval Options */
}});

Decorators

To add additional functionality to the provided controllers, you can provided a set of decorators factory

AuthorizationModule.registerAsync({
    features: {
        globalAuthorizationGuard: false,
        controllers: {
            permissions: [/** Your Permissions */]
            decorators: [() => VeryCoolDecorator],
            guards: [/** Your Guards */]
        },
        prisma: { client: PrismaClient },
        propertyPermission: true,
        swagger: true,
        
        /** Retrieval Options */
}});

Guards

In addition to the authorization guard, you might need to add additional protection logic to the authorization controllers, you can easily implement this by using the guards option within the controllers' object

AuthorizationModule.registerAsync({
    features: {
        globalAuthorizationGuard: false,
        controllers: {
            permissions: [/** Your Permissions */]
            decorators: [/** Your Decorators */]
            guards: [SuperPowerfulGuard]
        },
        prisma: { client: PrismaClient },
        propertyPermission: true,
        swagger: true,
        
        /** Retrieval Options */
}});