@ApiControllerSecurable

Enables the authorization guard chain produced by @ApiController. When omitted, the guard short-circuits and policies are not evaluated. Use this decorator on every controller that must enforce authorization policies or custom guards.

Signature

@ApiControllerSecurable()

Behavior

• Sets CONTROLLER_API_DECORATOR_CONSTANT.SECURABLE_METADATA_KEY to true.
• ApiAuthorizationGuard inspects this flag to decide whether to resolve policies, guards, and security schemes for the controller.
• Works in tandem with @ApiController route configuration and @ApiAuthorizationPolicy classes.

Example

@Controller("users")
@ApiControllerSecurable()
@ApiController<UserEntity>({
	entity: UserEntity,
	routes: {
		[EApiRouteType.GET_LIST]: { authentication: { bearerStrategies: ["access-token"] } },
	},
})
export class UserController {}

Related resources

• Controller Decorators overview
• Authorization Decorators overview
• Guides – Authorization