feathers-casl

NOTE: This is the version for Feathers v5. For Feathers v4 use feathers-casl v0

About

Add access control with CASL to your feathers application.

This project is built for FeathersJS. An open source web framework for building modern real-time applications. It's based on CASL and is a convenient layer to use CASL in feathers.js.

Features

• Fully powered by Feathers 5 & CASL 6
• Allows permissions for all methods create, find, get, update, patch, remove, or create, read, update, delete
• Define permissions not based on methods: can('view', 'Settings') (Bring your custom logic)
• Restrict by conditions: can('create', 'Task', { userId: user.id })
• Restrict by individual fields: cannot('update', 'User', ['roleId'])
• Native support for restrictive $select: can('read', 'User', ['id', 'username']) -> $select: ['id', 'username']
• Support to define abilities for anything (providers, users, roles, 3rd party apps, ...)
• Fully supported adapters: @feathersjs/knex, @feathersjs/memory, @feathersjs/mongodb, feathers-sequelize, not supported: feathers-mongoose, feathers-nedb, feathers-objection
• Support for dynamic rules stored in your database (Bring your own implementation ;) )
• hooks:
  • checkBasicPermission hook for client side usage as a before-hook
  • authorize hook for complex rules
  • Disallow/allow multi methods (create, patch, remove) dynamically with: can('remove-multi', 'Task', { userId: user.id })
• channels:
  • every connection only receives updates based on rules
  • channels-support also regards restrictive fields
  • rules can be defined individually for events
• utils:
  • checkCan to be used in hooks to check authorization before operations
• Baked in support for @casl/angular, @casl/react, @casl/vue and @casl/aurelia

Documentation

You need more information? Please have a look: https://feathers-casl.netlify.app/

Installation

npm i feathers-casl @casl/ability

Testing

Simply run npm test and all your tests in the test/ directory will be run. It has full support for Visual Studio Code. You can use the debugger to set breakpoints.

Help

For more information on all the things you can do, visit FeathersJS and CASL.

License

Licensed under the MIT license.