1

我正在测试在 express 中对 RBAC 使用“@casl/ability”。根据 CASL 文档,我应该能够针对对主题的操作定义属性的条件限制,并且在不使用类的情况下,可以使用主题辅助函数来包装 DTO。

参考:https ://casl.js.org/v4/en/guide/subject-type-detection

我尝试了下面这个非常简单的示例,它应该可以工作。但事实并非如此。我是否在某些方面理解错误?

import { Ability, subject } from "@casl/ability";

const ability = new Ability([
  {
    action: "write",
    subject: "docs",
    conditions: {
      publisherId: 53
    }
  }
]);

const docs = {};
// Also, if the third argument is skipped for 'fields', it throws an error
console.log(
  ability.can("write", subject("docs", docs), "", { publisherId: 53 })
);

我这里有一个沙箱https://codesandbox.io/s/casl-test-conditions-uzc8v?file=/src/index.js:0-286

4

1 回答 1

2

您错误地使用ability.can Check the Api docs。这就是为什么它会抛出错误消息,指出您错误地使用can.

要修复您的示例:

import { Ability, subject } from "@casl/ability";

const ability = new Ability([
  {
    action: "write",
    subject: "docs",
    conditions: {
      publisherId: 53
    }
  }
]);

const docs = subject('docs', {
  publisherId: 53
}); //  “docs” type instance

console.log(
  ability.can("write", docs)
);
于 2021-01-15T20:00:37.047 回答