stalniy · July 28, 2017 15:07
diff --git a/abilities.js b/abilities.js
 const { Ability, AbilityBuilder, toMongoQuery } = require('casl')
 const { Forbidden } = require('feathers-errors')
 const TYPE_KEY = Symbol.for('type') // <--- added

 // the rest of the logic

 function subjectName(subject) { // <--- added
  if (!subject || typeof subject === 'string') {
    return subject
  }

  return subject[TYPE_KEY]
 }

 function defineAbilitiesFor(user) {
  const { rules, can } = AbilityBuilder.extract()

  // rules definition

  return new Ability(rules, { subjectName })  // <--- passed subjectName option
 }



 module.exports = function authorize(name = null) {
  return async function(hook) {
    // logic to check request type and retrieve result for item request

    result[TYPE_KEY] = serviceName  // <--- added
    
    if (hook.params.ability.cannot(action, result)) {
      throw new Forbidden(`You are not allowed to ${action} ${serviceName}`)
    }

    if (action === 'get') {
      hook.result = result
    }

    return hook
  }
 }
	const { Ability, AbilityBuilder, toMongoQuery } = require('casl')
	const { Forbidden } = require('feathers-errors')
	const TYPE_KEY = Symbol.for('type') // <--- added

	// the rest of the logic

	function subjectName(subject) { // <--- added
	if (!subject \|\| typeof subject === 'string') {
	return subject
	}

	return subject[TYPE_KEY]
	}

	function defineAbilitiesFor(user) {
	const { rules, can } = AbilityBuilder.extract()

	// rules definition

	return new Ability(rules, { subjectName }) // <--- passed subjectName option
	}



	module.exports = function authorize(name = null) {
	return async function(hook) {
	// logic to check request type and retrieve result for item request

	result[TYPE_KEY] = serviceName // <--- added

	if (hook.params.ability.cannot(action, result)) {
	throw new Forbidden(`You are not allowed to ${action} ${serviceName}`)
	}

	if (action === 'get') {
	hook.result = result
	}

	return hook
	}
	}
No results found