@scitizen/nest-casl v0.0.2

@scitizen/nest-casl

Description

Use decorators everywhere to protect your controller methods.

• :book: Read the docs
• :rocket: Get started

Installation

npm install --save @scitizen/nest-casl

Additionally, please make sure you have correct peer dependencies installed:

• @casl/ability: ^5.0.0
• @nestjs/common: ^8.0.0
• @nestjs/core: ^8.0.0
• lodash: ^4.17.0
• reflect-metadata: ^0.1.13
• rxjs: ^7.0.0

npm install @casl/ability@^5.0.0 @nestjs/common@^8.0.0 @nestjs/core@^8.0.0 lodash@^4.17.0 reflect-metadata@^0.1.13 rxjs@^7.0.0

In a nutshell

Declare a new service that converts the user of your request to a CASL ability:

import { Injectable } from '@nestjs/common';
import { AbilityBuilder, PureAbility } from '@casl/ability';
import { CaslAbilityFactory } from '@scitizen/nest-casl';

@Injectable()
export class AbilityFactory implements CaslAbilityFactory {
	// Here, `request` is the express or fastify request. You might get infos from it.
	public createFromRequest( _request: unknown ): PureAbility {
		const abilityBuilder = new AbilityBuilder( PureAbility );
		abilityBuilder.can( 'feed', 'cat' );
		abilityBuilder.can( 'hug', 'cat' );
		abilityBuilder.can( 'pet', 'cat' );
		abilityBuilder.cannot( 'rename', 'cat' );
		return abilityBuilder.build();
	}
}

Import the module:

import { Module } from '@nestjs/common';
import { CaslModule } from '@scitizen/nest-casl';

@Module( {
	imports: [
		CaslModule.withConfig( ( { abilityFactory: AbilityFactory } ) ),
		// ....
	],
} )
export class AppModule {}

Use decorators in your controller:

import { AbilityBuilder, PureAbility } from '@casl/ability';
import { Controller, Get } from '@nestjs/common';
import { InjectAbility, PoliciesMask, Policy } from '@scitizen/nest-casl';

@Controller( '/cat/care' )
@PoliciesMask({
	'pet': { action: 'pet', subject: 'cat' }
})
export class CatCareController {
	// Okay, you can feed.
	@Get( 'feed' )
	@Policy( { action: 'feed', subject: 'cat' } )
	public feed(){
		// ...
	}

	// Well, I guess he won't bite.
	@Get( 'hug' )
	@Policy( { action: 'hug', subject: 'cat' } )
	public hug(){
		// ...
	}

	@Get( 'pet' )
	public pet( @InjectAbility() ability: PureAbility ){
		// ...
	}
}

For more details and usage with guards, please refer to the guide.

License

@scitizen/nest-casl is MIT licensed.