I'm currently exploring CASL for managing persisted permissions in my MERN stack CRM application, specifically for granting access to the entire hierarchy of employees under a manager. Has anyone successfully implemented CASL for this purpose? I am storing a managerId field in the user schema that links the employee to his manager. I also want the permissions to be stored in the database, as described in the official docs linked below. Any help will be greatly appreciated!
https://casl.js.org/v6/en/cookbook/roles-with-static-permissions
I am able to give access and filter out documents that are owned by a direct reportee to a manager by specifying the condition as

    {
      id: 1,
      name: 'manager',
      permissions: JSON.stringify([
        // '${user.id}' is a placeholder that is filled in when the rules are loaded
        { action: 'manage', subject: 'Order', conditions: { 'owner.managerId': '${user.id}' } },
      ])
    }

I am not able to figure out how to give access to all employees that don’t directly report to a particular manager.
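
One way to cover indirect reports, as an added example that is not part of the original post or of CASL's documentation: resolve the manager's whole reporting tree server-side when the ability is built, and put the resulting ids into an `$in` condition. The `users` sample data, the `owner.id` field and both function names are assumptions.

```javascript
// Constructed sample data: a flat user list where managerId links each
// employee to their manager (the schema described in the post).
const users = [
  { id: 'u1', managerId: null },   // top-level manager
  { id: 'u2', managerId: 'u1' },   // direct report of u1
  { id: 'u3', managerId: 'u2' },   // indirect report of u1
  { id: 'u4', managerId: 'u3' },   // indirect report of u1
  { id: 'u5', managerId: null },   // unrelated user with no reports
  { id: 'u6', managerId: 'u7' },   // u6 and u7 form a bad-data cycle
  { id: 'u7', managerId: 'u6' },
];

// Return the ids of every direct and indirect report of managerId.
// Breadth-first walk; the seen set stops cycles in bad data from looping
// and keeps the manager's own id out of the result.
function collectReportIds(allUsers, managerId) {
  const byManager = new Map();
  for (const u of allUsers) {
    if (u.managerId == null) continue;
    if (!byManager.has(u.managerId)) byManager.set(u.managerId, []);
    byManager.get(u.managerId).push(u.id);
  }
  const seen = new Set([managerId]);
  const queue = [managerId];
  const reports = [];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const id of byManager.get(current) || []) {
      if (seen.has(id)) continue;
      seen.add(id);
      reports.push(id);
      queue.push(id);
    }
  }
  return reports;
}

// Build the raw rule for one manager. 'owner.id' is an assumed field name;
// $in is one of the MongoDB-style operators CASL conditions accept.
// An empty $in list matches nothing, so a user with no reports gets no access.
function buildHierarchyRule(allUsers, manager) {
  return {
    action: 'manage',
    subject: 'Order',
    conditions: { 'owner.id': { $in: collectReportIds(allUsers, manager.id) } },
  };
}
```

The returned object has the same shape as the rule in the post and can be passed to CASL's `createMongoAbility` alongside the persisted rules. Rebuild it whenever a `managerId` changes so that moved employees do not stay visible to a former manager.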