Skip to content

@casl/[email protected]
Compare
Choose a tag to compare
@stalniy stalniy released this 04 Feb 20:05
· 1133 commits to master since this release
@casl/[email protected]
49b50c4

@casl/ability-v3.0.0 (2019-02-04)

Bug Fixes

  • ability: prevent creation of manage alias (4ca1268), closes #119
  • ability: updates ts definitions for Ability (2c989b2), closes #119

Features

  • ability: adds support for manage action (d9ab56c), closes #119

BREAKING CHANGES

  • ability: manage is not anymore an alias for CRUD but represents any action.

Let's consider the next example:

const ability = AbilityBuilder.define((can) => {
  can('manage', 'Post')
  can('read', 'User')
})

In @casl/[email protected] the definition above produces the next results:

ability.can('read', 'Post') // true
ability.can('publish', 'Post') // false, because `manage` is an alias for CRUD

In @casl/[email protected] the results:

ability.can('read', 'Post') // true
ability.can('publish', 'Post') // true, because `manage` represents any action

To migrate the code, just replace manage with crud and everything will work as previously.

  • ability: prioritise rules with all subject in the same way as other rules

Let's consider the next example:

const ability = AbilityBuilder.define((can) => {
  can('read', 'User', { id: 1 })
  cannot('read', 'all')
})

According to rule ordering read all rule must override read User rule but in @casl/[email protected] there was a bug and this is not true:

ability.can('read', 'User') // true

In @casl/[email protected] this works as expected

ability.can('read', 'User') // false
Assets 2
Loading