Thanks to visit codestin.com
Credit goes to github.com

Skip to content

The example with CASL in the official documentation is deprecated - https://docs.nestjs.com/security/authorization #2596

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
4 tasks
usystemsoftwares opened this issue Jan 27, 2023 · 3 comments
Closed
4 tasks

The example with CASL in the official documentation is deprecated - https://docs.nestjs.com/security/authorization #2596

usystemsoftwares opened this issue Jan 27, 2023 · 3 comments

Comments

@usystemsoftwares
Copy link

usystemsoftwares commented Jan 27, 2023
edited
Loading

I'm submitting a...

  • Regression
  • Bug report
  • Feature request
  • [ X] Documentation issue or request (new chapter/page)
  • Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Warning message - "@deprecated use createMongoAbility function instead and MongoAbility interface. In the next major version PureAbility will be renamed to Ability and this class will be removed"

Expected behavior

Keep official documentation up to date!

Minimal reproduction of the problem with instructions

  1. Add package @casl/ability@^6.3.3
  2. Import the Ability class as the official documentation shows -
  3. Give the warning message - "@deprecated use createMongoAbility function instead and MongoAbility interface. In the next major version PureAbility will be renamed to Ability and this class will be removed"

What is the motivation / use case for changing the behavior?

Being able to keep the official documentation of this exceptional framework that is Nest.js up to date.

I used the same foundation and logic as the example, I just updated the obsolete methods, follow the example:

type Subjects = InferSubjects<typeof Article | typeof User> | 'all';

type AppAbility = MongoAbility<[Action, Subjects]>;

@Injectable()
export class CaslAbilityFactory {
  createForUser(user: User) {
    const { can, cannot, build } = new AbilityBuilder<AppAbility>(
      createMongoAbility,
    );

    if (user) {
      can(Action.Manage, 'all'); // read-write access to everything
    } else {
      can(Action.Read, 'all'); // read-only access to everything
    }

    can(Action.Update, Article, { authorId: user.id });
    cannot(Action.Delete, Article, { isPublished: true });

    return build({
    // Read https://casl.js.org/v6/en/guide/subject-type-detection for details
      detectSubjectType: (object) =>
        object.constructor as ExtractSubjectType<Subjects>,
    });
  }
}

Changing only the code above and keeping the rest of the documentation, the authorization will already work, if it helps I can create a PR describing every detail of the authorization with CASL and Nest.js with updated methods :)

Att.
Raphael Martinez.
@Tony133
Copy link
Contributor

Tony133 commented Jan 27, 2023

@usystemsoftwares would you like to create a PR for this? PRs are always welcome for core NestJS team.

A suggestion if you think the documentation needs to be updated or you would like to propose a change directly create a PR with your rationale, without creating an issue.

@usystemsoftwares
Copy link
Author

OK! Thanks for the answer! I will made this

@Tony133
Copy link
Contributor

Tony133 commented Jan 27, 2023

You're welcome 👍

@cuonglamphu cuonglamphu mentioned this issue May 6, 2025
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tony133 @usystemsoftwares