From 814b25742b8ab5320f00ea5c4dc7db5ecabb24df Mon Sep 17 00:00:00 2001
From: Matthieu Haineault
Date: Mon, 21 Jul 2025 16:03:38 -0400
Subject: [PATCH] fix(guard): small fix
---
 src/common/guards/roles.guard.ts | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/common/guards/roles.guard.ts b/src/common/guards/roles.guard.ts
index f36a0be..ef8b7ff 100644
--- a/src/common/guards/roles.guard.ts
+++ b/src/common/guards/roles.guard.ts
@@ -17,22 +17,19 @@ interface RequestWithUser extends Request {
 export class RolesGuard implements CanActivate {
 constructor(private reflector: Reflector) {}
- canActivate(ctx: ExecutionContext): boolean {
- const requiredRoles = this.reflector.get(
- ROLES_KEY,
- ctx.getHandler(),
- );
- //for "deny-by-default" when role is wrong or unavailable
- if (!requiredRoles || requiredRoles.length === 0) {
- return false;
+ canActivate(context: ExecutionContext): boolean {
+ const roles = this.reflector.getAllAndOverride(ROLES_KEY, [context.getHandler(), context.getClass()]);
+
+ if (!roles) {
+ return true;
 }
- const request = ctx.switchToHttp().getRequest();
+ const request = context.switchToHttp().getRequest();
 const user = request.user;
 if (!user) {
 return false;
 }
- if (!requiredRoles.includes(user.role)) {
+ if (!roles.includes(user.role)) {
 throw new ForbiddenException(
 `The role ${user.role} is not authorized to access this resource.`,
 );
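Review bot: The new early exit `if (!roles) { return true; }` in `canActivate` turns this guard from deny-by-default into allow-by-default: a handler or controller with no `ROLES_KEY` metadata now passes before `request.user` is even read, whereas the removed branch returned `false` in that case. A route where the roles decorator was simply forgotten therefore becomes reachable by every caller this guard sees, and whether an authentication guard runs earlier is not visible in this hunk. If unannotated routes are meant to be public, I would mark them explicitly with a dedicated public-route metadata key (placeholder name `PUBLIC_ROUTE_KEY`) and keep `return false;` for missing metadata. At minimum, replace the deleted deny-by-default comment with one that states the new contract, e.g. `// no roles metadata: this guard does not restrict the route; authentication must be enforced elsewhere`. The "small fix" subject understates a change in authorization semantics, and the class body continues outside the hunk.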