How to allow more users to edit an article with casl react

972 Views Asked by Piioo At 09 December 2020 at 14:34

Im using CASL rect to setup authorization in my javascript project.

It is nice when I have to ask, if a user has the access to edit an article because he is the author.

But when I have more then one author, how I may check that the current user may edit this article?

<Can I='edit' a={{ editor_ids: article.editor_ids, type: 'Article' }}

I do not understand how to check that the current user id is in the editor_ids in the ability.

can('edit', 'Article', { editor_ids: ....something here for currentUser.id .... })

Original Q&A

There are 1 best solutions below

Sergii Stotskyi On 17 December 2020 at 08:54 BEST ANSWER

You can find details about this in Supported operators and in Common conditions

In your particular example:

Define ability:

import { defineAbility } from '@casl/ability'

const options = { 
  // https://casl.js.org/v4/en/guide/subject-type-detection
  detectSubjectType: /* logic to detect subject type */ 
}
export const createAbilityFor = (currentUser) => defineAbility(options, (can) => {
  can('edit', 'Article', { editor_ids: currentUser.id }) // can edit article if user.id is in editor_ids
})

Check permissions:

// createAbilityFor is a function from prev example

const currentUser = { id: 1 }
const ability = createAbilityFor(currentUser);

ability.can('edit', { type: 'Article', editor_ids: [1, 2, 3] }) // true
ability.can('edit', { type: 'Article', editor_ids: [3, 4, 5] }) // false

How to allow more users to edit an article with casl react

There are 1 best solutions below

Related Questions in JAVASCRIPT

Related Questions in CASL

Trending Questions

Popular # Hahtags

Popular Questions