now you can the RoleProtected decorator to protect your resolver methods! 🔥
/* ... imports ... */
import{RoleProtected}from'nestjs-role-protected'
@Resolver(Order)
exportclassOrdersResolver{
/* ... constructor and others methods ... */
@RoleProtected({
action:'update',
})
@Mutation(()=>Order)
asyncupdateOrder(
@Args('id')id:string,
@Args('input')input:OrderUpdate,
@CurrentUser()user:User,
):Promise<Order>{
returnthis.ordersService.update(id,user,input)
}
}
ok but what about ownership? you'll need to check if user is owner of the document BUT if he has permission to update any then you don't need to check that