Skip to main content

AllowCompanyPermission

Declarative decorator for enforcing company-level permissions on Shop API resolvers.

When applied to a resolver method, the global CompanyPermissionGuard will:

  1. Resolve the ActiveCompanyContext for the current request (throws ForbiddenError if none)
  2. Check that the company user has at least one of the specified permissions (OR logic)

If no permissions are specified, the guard only requires a valid company context without checking any specific permission.

Exclusive to Vendure Platform

This page is part of the Vendure Platform documentation. Access requires a valid Vendure Platform license.

Get license