Hey, sorry for the delay again!
I don't get it. What do you mean by the following?
"it seems that ability will only be updated when a new connection is established by the client"
from feathers-casl.
No worries!
tl;dr: If your ability might change due to some user interaction, the current example setup in the docs will not work nicely with the socket.io transport.
By "new connection" I meant the socket connection, but re-reading what I wrote above, I don't think that I did a very good job explaining the issue, so I'll try again with a bit of context :)
My ability factory function sometimes needs additional data to determine permissions. For example, Users may have Teams and they might have different permissions based on their Role in that team. Users may change or leave their Team at will.
We have a React client and use the socket.io transport for pretty much everything.
The "confusing permission errors" that I was referencing above happened when a User would leave or change a Team -- we could confirm that the change was persisted to the db, but the new data wasn't being used by the authorize hook. The most confusing part was that refreshing the page fixed the issue since the client shouldn't be able to affect its server side permissions object!
Eventually, I realized that the reason refreshing the page "fixed" the issue is because we were re-establishing the socket.io connection and making another call to the authentication service, which would build the new ability correctly.
So, it seems that the authentication service is only called once for the socket, and the ability is only created once. If your ability needs to change based on some user interaction with the app, then it needs to be attached to the request context somewhere else that will definitely get called per-request. That's the thing that was not obvious to me and might be nice to make a little note about in the docs.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Sorry for the noise from the stale bot. Hope I got this fixed now.
I want to support this, at least write a cookbook recipe in the docs.
@robbyphillips How did you fix this for your application?
It's a bit of a kludge, but I'm really just stripping the default ability and recalculating it for every request on affected services.
```ts
// service-with-dynamic-permissions.hooks.ts
import { HookContext } from '@feathersjs/feathers'
import { authenticate } from '@feathersjs/authentication'
import { authorize } from 'feathers-casl'

// remove the default ability that was attached to params when the socket authenticated,
// so that the authorize hook below has to rebuild it for this request
const resetAbility = (context: HookContext) => {
  delete context.params.ability
  return context
}

// just a convenience wrapper
const makeAuthorize = () =>
  authorize({
    availableFields, // defined above somewhere for this service
    ability: getAbilityWithContext // ability factory, called per request because params.ability is gone
  })

export default {
  before: {
    all: [
      authenticate('jwt'),
      resetAbility
    ],
    find: [makeAuthorize()],
    get: [makeAuthorize()],
    create: [makeAuthorize()],
    update: [makeAuthorize()],
    patch: [makeAuthorize()],
    remove: [makeAuthorize()]
  },
  after: {
    all: [makeAuthorize()],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
  // ...
}
```
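The failure mode described earlier in the thread (an ability built once at socket authentication time that keeps granting a role the user no longer holds) and the resetAbility workaround above, as an added, self-contained example that is not code from the feathers-casl project or from the commenters. It models the Feathers hook context and a CASL-style ability with plain objects instead of importing @feathersjs/feathers or @casl/ability, and the users and memberships tables, the `buildAbility` factory and the `leaveTeam` helper are all constructed for the illustration.

```typescript
// Added example (not from feathers-casl): connection-scoped ability vs per-request rebuild.

type Role = 'owner' | 'member';
type Action = 'find' | 'get' | 'create' | 'update' | 'patch' | 'remove';

interface User { id: number; teamId: number | null }
interface Membership { userId: number; teamId: number; role: Role }

// Minimal stand-in for a CASL ability: the set of "action:service" pairs that are allowed.
class Ability {
  constructor(private readonly rules: ReadonlySet<string>) {}
  can(action: Action, service: string): boolean {
    return this.rules.has(`${action}:${service}`);
  }
}

// Constructed in-memory "database". A real factory would query the users/memberships services.
const users: User[] = [];
const memberships: Membership[] = [];
function seedDb(): void {
  users.length = 0;
  memberships.length = 0;
  users.push({ id: 1, teamId: 10 });
  memberships.push({ userId: 1, teamId: 10, role: 'owner' });
}

// Ability factory that re-reads the user's current team role on every call.
function buildAbility(userId: number): Ability {
  const rules = new Set<string>(['find:teams', 'get:teams']);
  const user = users.find((u) => u.id === userId);
  const membership = user && user.teamId !== null
    ? memberships.find((m) => m.userId === userId && m.teamId === user.teamId)
    : undefined;
  if (membership?.role === 'owner') {
    rules.add('patch:teams');
    rules.add('remove:teams');
  }
  return new Ability(rules);
}

interface Params { user: User; ability?: Ability; provider?: string }
interface HookContext { method: Action; path: string; params: Params }

// What happens once per socket.io connection: authentication stores the user and a
// freshly built ability on the connection's params, and they are reused for every request.
function authenticateConnection(userId: number): Params {
  const user = users.find((u) => u.id === userId)!;
  return { user, ability: buildAbility(userId), provider: 'socketio' };
}

// The two hooks of the workaround, written against the stand-in types above.
function resetAbility(context: HookContext): HookContext {
  delete context.params.ability;
  return context;
}

function authorize(context: HookContext): HookContext {
  // Reuse the cached ability if present; otherwise rebuild it from current data.
  const ability = context.params.ability ?? buildAbility(context.params.user.id);
  context.params.ability = ability;
  if (!ability.can(context.method, context.path)) {
    throw new Error(`You are not allowed to ${context.method} on '${context.path}'`);
  }
  return context;
}

// Simulates the user leaving their team mid-session (persisted to the "db").
function leaveTeam(userId: number): void {
  const user = users.find((u) => u.id === userId);
  if (user) user.teamId = null;
  const idx = memberships.findIndex((m) => m.userId === userId);
  if (idx >= 0) memberships.splice(idx, 1);
}

function allowed(context: HookContext): boolean {
  try { authorize(context); return true; } catch { return false; }
}

// Is `patch teams` allowed after the user left the team? First with the ability cached on
// the connection (stale), then after resetAbility forces a rebuild (current).
function demo(): { cachedAllows: boolean; freshAllows: boolean } {
  seedDb();
  const connection = authenticateConnection(1); // ability built at connect time: owner
  leaveTeam(1);                                 // role change happens after authentication

  const stale: HookContext = { method: 'patch', path: 'teams', params: connection };
  const cachedAllows = allowed(stale);          // true: the stale ability still says owner

  const fresh: HookContext = { method: 'patch', path: 'teams', params: { ...connection } };
  const freshAllows = allowed(resetAbility(fresh)); // false: rebuilt from current data
  return { cachedAllows, freshAllows };
}
```

The design point is that nothing the client does after the socket authenticates can change the ability object living on the connection, so any hook that reads `params.ability` keeps authorizing against the role the user had at connect time; deleting it before `authorize` runs is what makes the factory consult the database again.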