feat(auth): add Monitoring role with read access to financial dashboard

src/shared/auth/role.guard.ts

@@ -39,14 +39,16 @@ class RoleGuardClass implements CanActivate {
     [UserRole.CLIENT_COMPANY]: [UserRole.KYC_CLIENT_COMPANY],
   };
 
-  constructor(private readonly entryRole: UserRole) {}
+  constructor(private readonly entryRoles: UserRole[]) {}
 
   canActivate(context: ExecutionContext): boolean {
     const userRole = context.switchToHttp().getRequest().user?.role;
-    return this.entryRole === userRole || this.additionalRoles[this.entryRole]?.includes(userRole);
+    return this.entryRoles.some(
+      (entryRole) => entryRole === userRole || this.additionalRoles[entryRole]?.includes(userRole),
+    );
   }
 }
 
-export function RoleGuard(entryRole: UserRole): RoleGuardClass {
-  return new RoleGuardClass(entryRole);
+export function RoleGuard(...entryRoles: UserRole[]): RoleGuardClass {
+  return new RoleGuardClass(entryRoles);
 }

src/shared/auth/user-role.enum.ts

@@ -11,6 +11,7 @@ export enum UserRole {
   CUSTODY = 'Custody',
   REALUNIT = 'RealUnit',
   MARKETING = 'Marketing',
+  MONITORING = 'Monitoring',
   DEBUG = 'Debug',
 
   // service roles

src/subdomains/supporting/dashboard/dashboard-financial.controller.ts

@@ -21,7 +21,7 @@ export class DashboardFinancialController {
   @Get('log')
   @ApiBearerAuth()
   @ApiExcludeEndpoint()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
   async getFinancialLog(
     @Query('from') from?: string,
     @Query('dailySample') dailySample?: string,
@@ -35,7 +35,7 @@ export class DashboardFinancialController {
   @Get('latest')
   @ApiBearerAuth()
   @ApiExcludeEndpoint()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
   async getLatestBalance(): Promise<LatestBalanceResponseDto> {
     const result = await this.dashboardFinancialService.getLatestBalance();
     if (!result) throw new NotFoundException('No financial data available');
@@ -45,7 +45,7 @@ export class DashboardFinancialController {
   @Get('changes/latest')
   @ApiBearerAuth()
   @ApiExcludeEndpoint()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
   async getLatestChanges(): Promise<FinancialChangesEntryDto> {
     const result = await this.dashboardFinancialService.getLatestFinancialChanges();
     if (!result) throw new NotFoundException('No financial changes available');
@@ -55,15 +55,15 @@ export class DashboardFinancialController {
   @Get('ref-recipients')
   @ApiBearerAuth()
   @ApiExcludeEndpoint()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
   async getRefRewardRecipients(@Query('from') from?: string): Promise<RefRewardRecipientDto[]> {
     return this.dashboardFinancialService.getRefRewardRecipients(this.parseDate(from));
   }
 
   @Get('changes')
   @ApiBearerAuth()
   @ApiExcludeEndpoint()
-  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN), UserActiveGuard())
+  @UseGuards(AuthGuard(), RoleGuard(UserRole.ADMIN, UserRole.COMPLIANCE, UserRole.MONITORING), UserActiveGuard())
   async getFinancialChanges(
     @Query('from') from?: string,
     @Query('dailySample') dailySample?: string,