Closed jophuijbers closed 1 year ago
I see a bug in the library code but I don't see an easy workaround. subject
is just the key for our rules, what we are interested in is subjectInstance
but both hasAbility and assertAbility take subject
as the third argument.
I will try to make a PR maybe they can add it. But a workaround that worked for mi: Call the service and getAbility for the user you want
const userAbility = this.myService.getAbility(request.user);
This way you have access to casl, Then call can and pass the action and subject, subject is a function from casl. It will ony acept string in typescript but you can cast to any so it will work, and the instance. This way worked for me. Hope it work for you.
userAbility.can(Actions.update, subject(Filter as any, instance)),
Thanks, the workaround works as expected!
The function "assertAbility" on AccessService always throws a 401 Unauthorized error (hasAbility returns false). The code below is pretty much identical to the provided sample in the documentation. When I use the decorators, everything works as expected. What could cause this weird behavior?
NOT WORKING:
WORKING:
Here are the configured permissions, nothing special.