Update README

moveaxlab · Feb 24, 2024 · 412f4b6 · 412f4b6
1 parent 50bc15b
commit 412f4b6
Showing 1 changed file with 51 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -74,10 +74,13 @@ custom transformations on the parsed access token.
 
 ## Authenticating users
 
-You can authenticate users based on their role (or token type).
-The library assumes that all access tokens contain a `tokenType` field.
+You can authenticate users based on their role (or token type) or based on the permission.
+The library assumes that all access tokens contain a `tokenType` field or a `permissions` array.
 Authentication can be applied on the class level or on the method level.
 
+### @Authenticated
+The library will check that the token type is equal with one of the roles declared in the decorator
+
 ```typescript
 import { Authenticated } from "@moveaxlab/nestjs-security";
 
@@ -93,6 +96,39 @@ class MyController {
   }
 }
 ```
+### @HasPermission
+The library will search for the required permission in the `permissions` array.
+
+```typescript
+import { HasPermission } from "@moveaxlab/nestjs-security";
+
+@HasPermission("myResource.read")
+class MyController {
+  async firstMethod() {
+    // accessible to both admins and users
+  }
+
+  @HasPermission("myResource.write")
+  async secondMethod() {
+    // only accessible to admins
+  }
+}
+```
+
+The library also accept the wildcard `*` has permission, to check that the user has a valid accessToken, but without any required permission.
+
+```typescript
+import {
+  HasPermission,
+} from "@moveaxlab/nestjs-security";
+
+@HasPermission("*")
+class MyController {
+  async getMyProfile() {
+    // use the token here
+  }
+}
+```
 
 ## Setting cookies
 
@@ -191,11 +227,16 @@ You can access the parsed access token and refresh token
 inside your controllers and resolvers using decorators.
 
 ```typescript
-import { Authenticated, AccessToken } from "@moveaxlab/nestjs-security";
+import { 
+  Authenticated, 
+  AccessToken,
+  HasPermission
+} from "@moveaxlab/nestjs-security";
 
 interface User {
   tokenType: "admin" | "user";
   uid: string;
+  permission: string[];
   // other information contained in the token
 }
 
@@ -205,6 +246,13 @@ class MyController {
     // use the token here
   }
 }
+
+@HasPermission('myPermission')
+class MySecondController {
+  async mySecondMethod(@AccessToken() token: User) {
+    // use the token here
+  }
+}
 ```
 
 The refresh token can be accessed via decorators when using cookies.