1 | const ACLInterface = require('./base')
|
2 | const objectDeepKeys = require('../utils/object-deep-keys')
|
3 | const { permittedFieldsOf } = require('@casl/ability/extra')
|
4 |
|
5 | class CASL extends ACLInterface {
|
6 | _checkIndividualAccess(item, inputItem) {
|
7 |
|
8 |
|
9 | const ability = this.acl(
|
10 | this.user,
|
11 | item,
|
12 | this.action,
|
13 | inputItem,
|
14 | this.opts,
|
15 | this.relation
|
16 | )
|
17 |
|
18 |
|
19 |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 | const fields = objectDeepKeys(inputItem)
|
25 | if (fields.length) {
|
26 | for (let i = 0; i < fields.length; i++)
|
27 | if (ability.cannot(this.action, item, fields[i])) return false
|
28 | return true
|
29 | } else return ability.can(this.action, item)
|
30 | }
|
31 |
|
32 | get allowedFields() {
|
33 | const modelInstance = this.items[0]
|
34 | const fields = objectDeepKeys(modelInstance)
|
35 | const ability = this.acl(
|
36 | this.user,
|
37 | modelInstance,
|
38 | this.action,
|
39 | this.inputItems[0],
|
40 | this.opts
|
41 | )
|
42 |
|
43 |
|
44 |
|
45 | return permittedFieldsOf(ability, this.action, modelInstance, {
|
46 | fieldsFrom: rule => rule.fields || fields
|
47 | })
|
48 | }
|
49 | }
|
50 |
|
51 | module.exports = CASL
|