From 2e91cea7177ee2f4caf48cc3f54a2a539e7da3e0 Mon Sep 17 00:00:00 2001
From: Vasilica Olariu <olariu.vasilica@gmail.com>
Date: Fri, 24 Oct 2025 10:51:03 +0300
Subject: [PATCH] When checking m2m scopes - one scope match is enough

---
 src/auth/guards/roles.guard.ts  | 2 +-
 src/auth/guards/scopes.guard.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/auth/guards/roles.guard.ts b/src/auth/guards/roles.guard.ts
index cdbd8e8..32a1188 100644
--- a/src/auth/guards/roles.guard.ts
+++ b/src/auth/guards/roles.guard.ts
@@ -48,7 +48,7 @@ export class RolesGuard implements CanActivate {
             .map((s: string) => s.trim())
             .filter(Boolean);
 
-      const scopeOk = fallbackScopes.every((s) => scopes.includes(s));
+      const scopeOk = fallbackScopes.some((s) => scopes.includes(s));
       if (scopeOk) return true;
     }
 
diff --git a/src/auth/guards/scopes.guard.ts b/src/auth/guards/scopes.guard.ts
index 476151e..2913325 100644
--- a/src/auth/guards/scopes.guard.ts
+++ b/src/auth/guards/scopes.guard.ts
@@ -32,7 +32,7 @@ export class ScopesGuard implements CanActivate {
           .map((s: string) => s.trim())
           .filter(Boolean);
 
-    const ok = required.every((s) => scopes.includes(s));
+    const ok = required.some((s) => scopes.includes(s));
     if (ok) return true;
 
     const fallbackRoles = this.reflector.getAllAndOverride<string[]>(ROLES_KEY, [