How to use the @casl/mongoose.toMongoQuery function in @casl/mongoose

To help you get started, we’ve selected a few @casl/mongoose examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github stalniy / casl-feathersjs-example / src / hooks / abilities.js View on Github external
const ability = defineAbilitiesFor(hook.params.user)
    const throwUnlessCan = (action, resource) => {
      if (ability.cannot(action, resource)) {
        throw new Forbidden(`You are not allowed to ${action} ${serviceName}`)
      }
    }

    hook.params.ability = ability

    if (hook.method === 'create') {
      hook.data[TYPE_KEY] = serviceName
      throwUnlessCan('create', hook.data)
    }

    if (!hook.id) {
      const query = toMongoQuery(ability, serviceName, action)

      if (canReadQuery(query)) {
        Object.assign(hook.params.query, query)
      } else {
        // The only issue with this is that user will see total amount of records in db
        // for the resources which he shouldn't know.
        // Alternative solution is to assign `__nonExistingField` property to query
        // but then feathers-mongoose will send a query to MongoDB which for sure will return empty result
        // and may be quite slow for big datasets
        hook.params.query.$limit = 0
      }

      return hook
    }

    const params = Object.assign({}, hook.params, { provider: null })

@casl/mongoose

Allows to query accessible records from MongoDB based on CASL rules

MIT
Latest version published 6 months ago

Package Health Score

79 / 100
Full package analysis

Popular @casl/mongoose functions