feat: expand backend admin marketplace and scaling

src/common/guards/superadmin-permissions.guard.ts

@@ -0,0 +1,33 @@
+import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { JwtPayload } from '../interfaces/jwt-payload.interface';
+import { SUPERADMIN_PERMISSIONS_KEY } from '../decorators/superadmin-permissions.decorator';
+
+@Injectable()
+export class SuperAdminPermissionsGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredPermissions = this.reflector.getAllAndOverride<string[]>(
+      SUPERADMIN_PERMISSIONS_KEY,
+      [context.getHandler(), context.getClass()],
+    );
+
+    if (!requiredPermissions?.length) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<{ user?: JwtPayload }>();
+    const payload = request.user;
+    const grantedPermissions = new Set(payload?.permissions ?? []);
+    const hasAllPermissions = requiredPermissions.every((permission) =>
+      grantedPermissions.has(permission),
+    );
+
+    if (!hasAllPermissions) {
+      throw new ForbiddenException('Missing superadmin permission');
+    }
+
+    return true;
+  }
+}