Can I have possibility to iterate permissions from my db ? #597
smirnovDm
started this conversation in
Show and tell
Replies: 1 comment
-
|
@smirnovDm I can most likely help you, but I'm unsure what the {userid: 1} is supposed to mean in your permissions? Do you mean something like this? import { createMongoAbility, MongoAbility } from "@casl/ability";
interface IAccountSubjectEntity {
userid: number;
accountid: number;
}
class AccountSubjectEntity {
userid: IAccountSubjectEntity["userid"];
accountid: IAccountSubjectEntity["accountid"];
constructor(args: IAccountSubjectEntity) {
return Object.assign(this, args);
}
}
interface Ability {
action: "manage" | "read" | "create" | "update" | "delete";
}
const abilities = [
{ userid: 1, accountid: 1, action: "manage" },
{ userid: 1, accountid: 1, action: "read" },
{ userid: 1, accountid: 1, action: "create" },
{ userid: 1, accountid: 1, action: "update" },
{ userid: 1, accountid: 1, action: "delete" },
{ userid: 1, accountid: 2, action: "read" },
] as const;
function toCASLJSONAblitiy(
abilities:
| readonly (Ability & AccountSubjectEntity)[]
| (Ability & AccountSubjectEntity)[]
) {
return (user) =>
createMongoAbility(
abilities.map((x) => ({
action: x.action,
subject: AccountSubjectEntity.name,
conditions: {
userid: user.id,
accountid: x.accountid,
},
}))
);
}
const abilityForUser = toCASLJSONAblitiy(abilities);
const user1Ability = abilityForUser({ id: 1 });
console.log(
user1Ability.can(
"read",
new AccountSubjectEntity({
userid: 1,
accountid: 1,
})
)
); // logs: true
console.log(
user1Ability.can(
"read",
new AccountSubjectEntity({
userid: 1,
accountid: 2,
})
)
); // logs: true
console.log(
user1Ability.can(
"manage",
new AccountSubjectEntity({
userid: 1,
accountid: 2,
})
)
); // logs: false
const user2Ability = abilityForUser({ id: 2 });
console.log(
user2Ability.can(
"read",
new AccountSubjectEntity({
userid: 1,
accountid: 1,
})
)
); // logs: false (because user ids don't match)
console.log(
user2Ability.can(
"read",
new AccountSubjectEntity({
userid: 1,
accountid: 2,
})
)
); // logs: false (because user ids don't match)
console.log(
user2Ability.can(
"manage",
new AccountSubjectEntity({
userid: 1,
accountid: 2,
})
)
); // logs: false (because user ids don't match) |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi!
Can I ask you?
I'm stucked on iterating permissions from my DB. I'm using nest typeorm postgres
I have a list of permissions like that(queried from my db):
[
{ userid: 1, accountid: 1, action: 'manage' },
{ userid: 1, accountid: 1, action: 'read' },
{ userid: 1, accountid: 1, action: 'create' },
{ userid: 1, accountid: 1, action: 'update' },
{ userid: 1, accountid: 1, action: 'delete' }
{ userid: 1, accountid: 2, action: 'read' }
]
And I need somehow to translate it into:
can(Action.Manage, AccountSubjectEntity, {accountId: 1})
can(Action.Read, AccountSubjectEntity, {accountId: 1})
can(Action.Create, AccountSubjectEntity, {accountId: 1})
can(Action.Update, AccountSubjectEntity, {accountId: 1})
can(Action.Delete, AccountSubjectEntity, {accountId: 1})
can(Action.Read, AccountSubjectEntity, {accountId: 2})
Is there is a way to do that, help me please ?
Thanks for your attention!
Beta Was this translation helpful? Give feedback.
All reactions