Thanks to visit codestin.com
Credit goes to github.com

Skip to content

The example with CASL in the official documentation is deprecated - https://docs.nestjs.com/security/authorization  #2596

New issue
New issue
Closed
Closed
The example with CASL in the official documentation is deprecated - https://docs.nestjs.com/security/authorization #2596
@usystemsoftwares

Description

@usystemsoftwares
usystemsoftwares
opened on Jan 27, 2023

I'm submitting a...

  • Regression
  • Bug report
  • Feature request
  • [ X] Documentation issue or request (new chapter/page)
  • Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Warning message - "@deprecated use createMongoAbility function instead and MongoAbility interface. In the next major version PureAbility will be renamed to Ability and this class will be removed"

Expected behavior

Keep official documentation up to date!

Minimal reproduction of the problem with instructions

  1. Add package @casl/ability@^6.3.3
  2. Import the Ability class as the official documentation shows -
  3. Give the warning message - "@deprecated use createMongoAbility function instead and MongoAbility interface. In the next major version PureAbility will be renamed to Ability and this class will be removed"

What is the motivation / use case for changing the behavior?

Being able to keep the official documentation of this exceptional framework that is Nest.js up to date.

I used the same foundation and logic as the example, I just updated the obsolete methods, follow the example:

type Subjects = InferSubjects<typeof Article | typeof User> | 'all';

type AppAbility = MongoAbility<[Action, Subjects]>;

@Injectable()
export class CaslAbilityFactory {
  createForUser(user: User) {
    const { can, cannot, build } = new AbilityBuilder<AppAbility>(
      createMongoAbility,
    );

    if (user) {
      can(Action.Manage, 'all'); // read-write access to everything
    } else {
      can(Action.Read, 'all'); // read-only access to everything
    }

    can(Action.Update, Article, { authorId: user.id });
    cannot(Action.Delete, Article, { isPublished: true });

    return build({
    // Read https://casl.js.org/v6/en/guide/subject-type-detection for details
      detectSubjectType: (object) =>
        object.constructor as ExtractSubjectType<Subjects>,
    });
  }
}

Changing only the code above and keeping the rest of the documentation, the authorization will already work, if it helps I can create a PR describing every detail of the authorization with CASL and Nest.js with updated methods :)

Att.
Raphael Martinez.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions