1 | const ACLInterface = require('./base')
|
2 | const objectDeepKeys = require('../utils/object-deep-keys')
|
3 | const { permittedFieldsOf } = require('@casl/ability/extra')
|
4 |
|
5 | class CASL extends ACLInterface {
|
6 | _checkIndividualAccess(item, inputItem) {
|
7 |
|
8 |
|
9 | const ability = this.acl(
|
10 | this.user,
|
11 | item,
|
12 | this.action,
|
13 | inputItem,
|
14 | this.opts,
|
15 | this.relation
|
16 | )
|
17 |
|
18 |
|
19 |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 | const fields = objectDeepKeys(inputItem)
|
25 | const resource =
|
26 | this.opts.casl.useInputItemAsResourceForRelation && this.relation
|
27 | ? inputItem
|
28 | : item
|
29 |
|
30 | if (fields.length) {
|
31 | for (let i = 0; i < fields.length; i++)
|
32 | if (ability.cannot(this.action, resource, fields[i])) return false
|
33 | return true
|
34 | } else return ability.can(this.action, resource)
|
35 | }
|
36 |
|
37 | get allowedFields() {
|
38 | const modelInstance = this.items[0]
|
39 | const fields = objectDeepKeys(modelInstance)
|
40 | const ability = this.acl(
|
41 | this.user,
|
42 | modelInstance,
|
43 | this.action,
|
44 | this.inputItems[0],
|
45 | this.opts
|
46 | )
|
47 |
|
48 |
|
49 |
|
50 | return permittedFieldsOf(ability, this.action, modelInstance, {
|
51 | fieldsFrom: rule => rule.fields || fields
|
52 | })
|
53 | }
|
54 | }
|
55 |
|
56 | module.exports = CASL
|