Comments (1)
The main issue with the idea is that for some cases we would like to define not all actions or not all subjects.
Lets consider an example with hardware capabilities and user permissions. For example, there are devices which supports wifi and which not. So, we define ability like this:
const hardwareAbility = AbilityBuilder.define(can => {
if (hardware.supportsWiFi) {
can('manage', 'WiFi')
}
})
const userAbility = AbilityBuilder.define(can => {
if (user.is('admin')) {
can('manage', 'WiFi')
can(['read', 'update'], 'User', { id: user.id })
}
})
const ability = hardwareAbility.concat(userAbility)
Now when we do ability.can('read', 'Wifi')
all works as expected but if we do ability.can('read', 'User')
it will return false
because hardware ability doesn't have rules for User
(and shouldn't have them).
So, I decline this feature in favor of #45 . With conditional rules it may look like this:
const userAbility = AbilityBuilder.define(can => {
if (user.is('admin')) {
can('manage', 'WiFi').onlyIf(() => hardware.supportsWiFi, { error: 'This device does not have WiFi card' })
can(['read', 'update'], 'User', { id: user.id })
}
})
from casl.
Related Issues (20)
- Add Support for Mongoose v8 in @casl/mongoose HOT 3
- @casl/[email protected] npm package is missing content HOT 3
- Error: Hydration failed because the initial UI does not match what was rendered on the server. HOT 2
- [not urgent] CLI Yarn warning: @casl/vue 1.x requests version lower than current 6.5.0 HOT 3
- cannot check ability if rules are loaded from database then we create ability using mongoCreateAbility HOT 9
- Extend Rule Checking Mechanism to Evaluate All Rules
- `rulesToQuery` should be generic over the return type of `RuleToQueryConverter` HOT 3
- Update ability JSON HOT 1
- Unable to import `reactiveAbility` from casl/vue HOT 5
- @casl/ability/extra/package.json contains a typo preventing Jest from resolving the package correctly HOT 1
- casl/mongoose 8.0.0 update, error with missing types HOT 1
- Add rule to eslint that forbids using `dist/` imports HOT 1
- [Documentation] Code examples use deprecated Ability
- Typescript issue with the new ofType of accessibleBy HOT 3
- [Bug] Invalid union type for subject when subjects have different actions HOT 4
- Use ability created by express in Vue3
- Unable to understand the implementation of CASL in nextjs App HOT 3
- bug: subject helper error HOT 1
- How to perform conditions on nested objects? HOT 1
- CASL NestJS integration & CASL TypeORM integration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from casl.