Closed izziaraffaele closed 4 years ago
I faced a common mistake. AbilityBuilder
accepts an AbilityType
which by default equals to PureAbility
. Check the API docs - https://casl.js.org/v4/en/api/casl-ability#ability-builder-constructor
There are 2 types of Ability
:
PureAbility
, this class has no predefined conditionsMatcher
and fieldMatcher
Ability
, this class uses MongoDB conditionsSo, to fix your example, replace const { can, build } = new AbilityBuilder();
with const { can, build } = new AbilityBuilder(Ability);
Describe the bug Very simple rules conditions are not checked correctly on the subject passed to the ability checker class. Checking ability without providing a subject works as expected but as soon as I provide a subject I'm starting getting false positive. Is it a bug or am I doing something wrong?
To Reproduce
Node.js
I also tried explicitly specifying
cannot
rules but I'm getting the same resultExpected behavior In the example above I expect the log
Can update other users?
to befalse
as the id of the provided subject is different from the one stated in the rule definitionInteractive example https://codesandbox.io/s/heuristic-cherry-psefr