Permission-based authorization guard. Checks whether the user has the required permissions to access a resource.
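/**
 * Example guard: allows a tool call only when the caller holds the permission
 * recorded for that tool under the 'permission' metadata key.
 */
@Injectable()
class CustomPermissionGuard extends PermissionGuard {
  /**
   * Decide whether the current operation may proceed.
   *
   * @param context - Execution context supplying the request and the tool's metadata.
   * @returns true when no permission is required or the caller holds it.
   * @throws MCPForbiddenException when the caller lacks the required permission.
   */
  async canActivate(context: MCPExecutionContext): Promise<boolean> {
    const requiredPermission = context.getMetadata<string>('permission');

    // NOTE(review): this fails open. A tool that carries this guard but has no
    // 'permission' metadata (decorator forgotten, key misspelled, empty string)
    // is allowed for every caller. Deployments that want deny-by-default should
    // throw here instead of returning true.
    if (!requiredPermission) return true;

    // Resolve the caller's permissions only when a check is actually needed.
    const userPermissions = this.getUserPermissions(context.getRequest());

    // Fail closed: anything other than an array containing the exact permission
    // string is a denial. This also covers an override that returns nothing for
    // an unauthenticated request, which would otherwise surface as a TypeError.
    if (!Array.isArray(userPermissions) || !userPermissions.includes(requiredPermission)) {
      // NOTE(review): the message names the required permission; confirm that
      // exposing it to the caller is acceptable for this deployment.
      throw new MCPForbiddenException(`Missing permission: ${requiredPermission}`);
    }

    return true;
  }
}

// Usage with custom metadata decorator
@Injectable()
class MyToolProvider {
  // presumably @RequirePermission stores 'admin' under the 'permission' metadata
  // key read by the guard; verify against the decorator's implementation.
  @RequirePermission('admin')
  @UseMCPGuards(CustomPermissionGuard)
  @MCPTool({ name: 'admin_tool', description: 'Admin only tool' })
  async adminTool() {
    return 'Admin data';
  }
}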
Determine if the operation can proceed
true if allowed, false if denied, or throws an exception
Protected
Extract the user's permissions from the request. Override this method.
Permission-based authorization guard. Checks whether the user has the required permissions to access a resource.
Example