Open ghost opened 3 years ago
Hey,
The minimal example is on its way but has a low priority :)
casl/prisma does 2 things:
I too would greatly appreciate a nestjs/prisma example or a link to a github repo that uses it. Thanks!
My repo ⛩ Nest + Prisma + Angular 🏮 Full Stack GraphQL Starter Kit ⛩ is using @casl/prisma for our auth solution. I thought it might be useful if I shared my code as an example of a concrete implementation. Cheers! 🎐
```typescript
import { AbilityBuilder, PureAbility } from '@casl/ability';
import { Injectable } from '@nestjs/common';
import { Action } from '@zen/api-interfaces';
import { ICaslFactory, RequestUser } from '@zen/nest-auth';

import { PrismaQuery, createPrismaAbility } from './casl-prisma';
import { PrismaSubjects } from './generated';

/** @description A union of subjects to extend the ability beyond just Prisma models */
export type ExtendedSubjects = 'all';
export type AppAbility = PureAbility<[Action, PrismaSubjects | ExtendedSubjects], PrismaQuery>;

@Injectable()
export class CaslFactory implements ICaslFactory {
  async createAbility(user: RequestUser) {
    const { can, cannot, build } = new AbilityBuilder<AppAbility>(createPrismaAbility);

    if (user.roles.includes('Super')) {
      can('manage', 'all');
    }

    // Customize user permissions here

    return build();
  }
}
```
Hello, I am sorry if the question is dumb as I am pretty new here. I am not sure if I have done this correctly.
I am using Prisma with NestJS, and want to add dynamic permissions using CASL. As far as I understand from the docs, JSON-defined rules would be my choice, as I want to manage and assign the permissions to users via a dashboard.
So according to https://casl.js.org/v5/en/cookbook/roles-with-persisted-permissions, I would choose the second option to build a permission model in prisma like this:
and use prisma's methods to CRUD rules:
permissions.service.ts
and need to dynamically generate ability instance with the defined rules for different prisma models.
according to https://docs.nestjs.com/security/authorization#integrating-casl and the above cookbook:
here when I found the @casl/prisma package, I could barely understand its usage from the docs.
So my question is: is it correct to use the @casl/prisma package instead of the above to generate a Prisma-specific ability instance, and pass the ability to accessibleBy in Prisma methods? The new ability builder would look like this, where the subject type conflicts:
There is still a lot to do, like the guard and request context, though. So I am wondering if there would be a minimal example. Thank you in advance.
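The step the question turns on, stored JSON rules becoming a Prisma `where` filter, sketched as an added example that is not code from this thread or from @casl/prisma. `StoredRule`, `bind` and `toWhere` are hypothetical names, the rule rows are constructed, and the sketch uses deny-overrides instead of CASL's rule-order precedence.

```typescript
// Added illustration (not @casl/prisma source): stored JSON rules -> Prisma-style `where`.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
interface StoredRule { // hypothetical shape of one persisted permission row
  action: string; subject: string;
  conditions?: { [k: string]: Json };
  inverted?: boolean; // true = "cannot"
}
type Where = { [k: string]: unknown };
type Vars = { [k: string]: Json };
const MATCH_NOTHING: Where = { OR: [] }; // Prisma: an empty OR matches no rows

// Constructed sample rules, as they might be loaded from the permission table.
const SAMPLE_RULES: StoredRule[] = [
  { action: 'read', subject: 'Post', conditions: { published: true } },
  { action: 'manage', subject: 'Post', conditions: { authorId: '${user.id}' } },
  { action: 'read', subject: 'Post', conditions: { deleted: true }, inverted: true },
];

// Bind "${user.id}"-style placeholders on parsed values, never by editing JSON text,
// so a user-supplied value cannot change the structure of a condition.
function bind(value: Json, vars: Vars): Json {
  if (typeof value === 'string') {
    const m = /^\$\{([\w.]+)\}$/.exec(value);
    if (!m) return value;
    if (!(m[1] in vars)) throw new Error('unbound placeholder: ' + m[1]);
    return vars[m[1]];
  }
  if (Array.isArray(value)) return value.map((v) => bind(v, vars));
  if (value === null || typeof value !== 'object') return value;
  const out: { [k: string]: Json } = {};
  for (const k of Object.keys(value)) out[k] = bind(value[k], vars);
  return out;
}

function toWhere(rules: StoredRule[], action: string, subject: string, vars: Vars): Where {
  const allow: Where[] = [];
  const deny: Where[] = [];
  let allowAll = false;
  for (const r of rules) {
    if (r.action !== action && r.action !== 'manage') continue;
    if (r.subject !== subject && r.subject !== 'all') continue;
    const cond = r.conditions ? (bind(r.conditions, vars) as { [k: string]: Json }) : undefined;
    if (r.inverted && cond === undefined) return MATCH_NOTHING; // unconditional "cannot"
    if (r.inverted) deny.push({ NOT: cond });
    else if (cond === undefined) allowAll = true; // unconditional "can"
    else allow.push(cond);
  }
  if (!allowAll && allow.length === 0) return MATCH_NOTHING; // default deny, never {}
  return { ...(allowAll ? {} : { OR: allow }), ...(deny.length ? { AND: deny } : {}) };
}
```

The returned object is what would go in the `where` argument of a Prisma query. The case to carry over to any real setup is the one where no rule matches: the filter must match nothing, because an empty `where` returns every row.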