|
const { AbilityBuilder, Ability, ForbiddenError } = require("@casl/ability"); |
|
const { packRules } = require("@casl/ability/extra"); |
|
|
|
// Collect rules with the builder, then freeze them into an Ability instance.
// CASL resolves overlapping rules by position: when more than one rule matches
// the same action/subject, the rule declared LAST wins, so ordering below is
// load-bearing wherever an allow and a deny overlap.
const abilityBuilder = new AbilityBuilder(Ability);
const { can, cannot, rules } = abilityBuilder;

// BlogPost: the post's author may do anything to their own posts, except
// delete. The author id is hard-coded to 1 for this demo; in real code it
// would come from the authenticated principal, never from the request body.
// The unconditional `cannot` is declared AFTER `manage` so the deny overrides
// the allow for "delete" even when the author condition matches.
can("manage", "BlogPost", { author: 1 });
cannot("delete", "BlogPost");

// User: holders of this ability may read and update, but never delete.
// No allow covers "delete" here, so the position of this deny is not critical.
cannot("delete", "User");
can("read", "User");
can("update", "User");

// `rules` is the builder's accumulated rule list, consumed by the Ability.
const ability = new Ability(rules);
|
|
|
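/**
 * Minimal subject class for the demo.
 *
 * `author` is the only field the authorization rules look at (the
 * `{ author: 1 }` condition on the BlogPost rules), so it is set explicitly
 * here rather than mass-assigned from an arbitrary object: callers should only
 * ever populate it from trusted data.
 *
 * NOTE(review): CASL's default subject-type detection is assumed to read the
 * instance's `constructor.name` (the script logs it below) — confirm against
 * the installed CASL version. If that holds, tooling that minifies class names
 * would silently stop instances from matching the "BlogPost" rules, so
 * production code should pin an explicit subject type instead.
 *
 * @param {number} [author] - optional author id; when omitted the instance has
 *   no `author` property, matching the original `class BlogPost {}` behaviour.
 */
class BlogPost {
  constructor(author) {
    if (author !== undefined) {
      this.author = author;
    }
  }
}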
|
|
|
// Two posts: one owned by user 1 (the id baked into the BlogPost rules) and one not.
const ownPost = new BlogPost();
ownPost.author = 1;

const foreignPost = new BlogPost();
foreignPost.author = 2;

// Instance checks: CASL matches the `{ author: 1 }` condition against the
// object's fields, then the unconditional "cannot delete" (declared last) wins.
console.log(ability.can("update", ownPost)); // true
console.log(ability.can("delete", ownPost)); // false
console.log(ability.can("delete", "BlogPost")); // false

// A post owned by someone else fails the condition, so "manage" does not apply.
console.log(ability.can("update", foreignPost)); // false

// The class name is what subject-type detection is assumed to use — TODO confirm
console.log(ownPost.constructor.name);

// Packed (compact) and raw forms of the rule list.
console.log("packedRules", packRules(ability.rules));
console.log("rules", ability.rules);

// Guarded actions on User: throwUnlessCan raises a ForbiddenError when the
// action is denied, so "update User" is printed and "delete User" is not.
for (const action of ["update", "delete"]) {
  try {
    ForbiddenError.from(ability).throwUnlessCan(action, "User");
    // TODO: perform the action on the User
    console.log(`${action} User`);
  } catch (error) {
    // e.g. Cannot execute "delete" on "User"
    console.log(error);
  }
}
Useful docs:
https://casl.js.org/v5/en/guide/install
https://github.com/stalniy/casl
https://www.fullstacklabs.co/blog/role-based-user-authorization-in-javascript