Release 1

apps/api/src/app/auth/idm-guard.service.ts

+import {
+  CanActivate, ExecutionContext, Injectable, UnauthorizedException
+} from '@nestjs/common';
+import { AuthService } from './service/auth.service';
+
+@Injectable()
+export class IdmGuard implements CanActivate {
+  constructor(
+    private authService: AuthService
+  ) {}
+
+  async canActivate(
+    context: ExecutionContext
+  ) {
+    const req = context.switchToHttp().getRequest();
+    const userId = req.user.id;
+    const isAdmin = await this.authService.isCmsAdminUser(userId);
+    if (!isAdmin) {
+      throw new UnauthorizedException();
+    }
+    return true;
+  }
+}