From 29b15c157b45e6b038cc22f31c33d8bdb5c3343c Mon Sep 17 00:00:00 2001
From: TaprootFreak <142087526+TaprootFreak@users.noreply.github.com>
Date: Wed, 20 May 2026 08:17:19 +0200
Subject: [PATCH] feat(auth): add Monitoring role with read access to financial dashboard
---
 src/shared/auth/role.guard.ts | 10 ++++++----
 src/shared/auth/user-role.enum.ts | 1 +
 .../dashboard/dashboard-financial.controller.ts | 10 +++++-----
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/shared/auth/role.guard.ts b/src/shared/auth/role.guard.ts
index b0e3fe11af..4378947b34 100644
--- a/src/shared/auth/role.guard.ts
+++ b/src/shared/auth/role.guard.ts
@@ -39,14 +39,16 @@ class RoleGuardClass implements CanActivate {
 [UserRole.CLIENT_COMPANY]: [UserRole.KYC_CLIENT_COMPANY],
 };
- constructor(private readonly entryRole: UserRole) {}
+ constructor(private readonly entryRoles: UserRole[]) {}
 canActivate(context: ExecutionContext): boolean {
 const userRole = context.switchToHttp().getRequest().user?.role;
- return this.entryRole === userRole || this.additionalRoles[this.entryRole]?.includes(userRole);
+ return this.entryRoles.some(
+ (entryRole) => entryRole === userRole || this.additionalRoles[entryRole]?.includes(userRole),
+ );
 }
 }
-export function RoleGuard(entryRole: UserRole): RoleGuardClass {
- return new RoleGuardClass(entryRole);
+export function RoleGuard(...entryRoles: UserRole[]): RoleGuardClass {
+ return new RoleGuardClass(entryRoles);
 }
diff --git a/src/shared/auth/user-role.enum.ts b/src/shared/auth/user-role.enum.ts
index e30f9adbe2..d2c908fd31 100644
--- a/src/shared/auth/user-role.enum.ts
+++ b/src/shared/auth/user-role.enum.ts
@@ -11,6 +11,7 @@ export enum UserRole {
 CUSTODY = 'Custody',
 REALUNIT = 'RealUnit',
 MARKETING = 'Marketing',
+ MONITORING = 'Monitoring',
 DEBUG = 'Debug',
 // service roles
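Review bot: In `canActivate` (role.guard.ts hunk), every role passed to `RoleGuard(...)` is also expanded through `additionalRoles`, so the admitted set is the listed roles plus whatever each of them maps to. Only the tail of that map is visible in this hunk, so the entries for any role newly used as an entry role should be checked against the access that is actually intended. The rest-parameter signature also accepts `RoleGuard()` with no roles; `[].some(...)` is `false`, so that fails closed, but it would silently lock a route. A check in the factory such as `if (!entryRoles.length) throw new Error('RoleGuard requires at least one role');` would surface the mistake when the decorator is evaluated. A doc comment on `RoleGuard` saying that access is granted when the user's role equals any listed role or appears in that role's `additionalRoles` entry would make the any-of semantics explicit.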
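Review bot: `MONITORING` is added to `UserRole` (user-role.enum.ts hunk) with nothing stating what the role is allowed to do, which makes later privilege creep hard to spot in review. I would document the intended scope next to the member, for example `// read-only: financial dashboard endpoints, no write or user-management access`. The member sits above the `// service roles` marker; if the role is meant for an automated monitoring client rather than a person, placing it in that section would record the intent better, though that is inferred from the name only.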
diff --git a/src/subdomains/supporting/dashboard/dashboard-financial.controller.ts b/src/subdomains/supporting/dashboard/dashboard-financial.controller.ts
index 550afd1341..4c85176614 100644
--- a/src/subdomains/supporting/dashboard/dashboard-financial.controller.ts
+++ b/src/subdomains/supporting/dashboard/dashboard-financial.controller.ts
@@ -21,7 +21,7 @@ export class DashboardFinancialController {
 @Get('log')
 @ApiBearerAuth()
 @ApiExcludeEndpoint()
- @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+ @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
 async getFinancialLog(
 @Query('from') from?: string,
 @Query('dailySample') dailySample?: string,
@@ -35,7 +35,7 @@ export class DashboardFinancialController {
 @Get('latest')
 @ApiBearerAuth()
 @ApiExcludeEndpoint()
- @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+ @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
 async getLatestBalance(): Promise {
 const result = await this.dashboardFinancialService.getLatestBalance();
 if (!result) throw new NotFoundException('No financial data available');
@@ -45,7 +45,7 @@ export class DashboardFinancialController {
 @Get('changes/latest')
 @ApiBearerAuth()
 @ApiExcludeEndpoint()
- @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+ @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
 async getLatestChanges(): Promise {
 const result = await this.dashboardFinancialService.getLatestFinancialChanges();
 if (!result) throw new NotFoundException('No financial changes available');
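Review bot: The guard on `getFinancialLog` now admits `UserRole.COMPLIANCE` as well as `UserRole.MONITORING`, but the commit subject only announces the Monitoring role; the same widening is repeated on `latest`, `changes/latest`, `ref-recipients` and `changes`. If Compliance access is intended, it should be stated in the commit message so the change to the access model is reviewable; otherwise it should be dropped. The identical three-role list is copied onto five routes, so a later edit can leave one endpoint with a different access set than its siblings. A single constant such as `const FINANCIAL_DASHBOARD_ROLES = [UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING];` used as `RoleGuard(...FINANCIAL_DASHBOARD_ROLES)` keeps them in step. The controller class starts and ends outside these hunks.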
@@ -55,7 +55,7 @@ export class DashboardFinancialController {
 @Get('ref-recipients')
 @ApiBearerAuth()
 @ApiExcludeEndpoint()
- @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+ @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
 async getRefRewardRecipients(@Query('from') from?: string): Promise {
 return this.dashboardFinancialService.getRefRewardRecipients(this.parseDate(from));
 }
@@ -63,7 +63,7 @@ export class DashboardFinancialController {
 @Get('changes')
 @ApiBearerAuth()
 @ApiExcludeEndpoint()
- @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+ @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
 async getFinancialChanges(
 @Query('from') from?: string,
 @Query('dailySample') dailySample?: string,
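Review bot: `getRefRewardRecipients` (the `ref-recipients` hunk) is opened to `UserRole.MONITORING` on the same terms as the balance and change endpoints, yet by its name it returns per-recipient referral reward data rather than aggregates. The return type is not visible here, so this is inferred. If the response identifies users or payout addresses, a monitoring role should not need it, and this route could stay at `RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE)` while Monitoring gets only the aggregate endpoints. Whichever set is chosen, a one-line comment above the decorator recording why each non-admin role needs the route would help later access reviews.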