
如何使用 CASL/ability 处理 Mongoose 上的条件

如何解决:如何使用 CASL/ability 处理 Mongoose 上的条件

错误描述:我有一个 Mongoose 模型,其中一个字段引用了另一个集合的模型;但当我在 ability 中定义基于该字段的条件时,CASL 会忽略该条件,不会在已定义的能力中执行条件检查。 复现步骤:

// ROLES MODEL
const mongoose = require("mongoose");

const { Schema } = mongoose;

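// Role: one role label (learners, moderators, facilitators, staff, ...)
// scoped to a single organization.
// `ref: "organization"` must match the model name registered by the
// organization model file (`mongoose.model("organization", ...)`), otherwise
// `.populate("organization")` fails.
const RoleSchema = new Schema({
  organization: { type: Schema.Types.ObjectId, ref: "organization", required: true },
  // stored lowercase so "Moderator" and "moderator" are the same role
  role: { type: String, required: true, lowercase: true },
  // Fixed: `Date.Now` is undefined in JavaScript, so the original default was
  // never applied; Mongoose expects the `Date.now` function here.
  dateCreated: { type: Date, default: Date.now },
});

// exports the compiled model (not the bare schema) under the name "role"
module.exports = mongoose.model("role", RoleSchema);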

// ORGANIZATION MODEL
const mongoose = require("mongoose");
const { accessibleRecordsPlugin } = require("@casl/mongoose");

const { Schema } = mongoose;

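// Organization: also serves as the admin account that logs in (it carries
// password/isAdmin and is the `user` passed to the Role ability builder, whose
// condition is `{ organization: user._id }`).
// NOTE(review): the pasted schema had lost its closing braces; the field
// boundaries below were reconstructed from the field names — confirm against
// the original file.
const OrganizationSchema = new Schema({
  orgName: { type: String, required: false, unique: true },
  email: { type: String, trim: true, unique: true },
  phone: { type: String },
  // Credential field; store a password hash, never the plaintext value.
  password: { type: String },
  firstName: { type: String, lowercase: true },
  lastName: { type: String },
  slug: { type: String, required: false },
  customerId: { type: String },
  profilelogo: { type: String },
  industry: { type: Schema.Types.ObjectId, ref: "industry" },
  // NOTE(review): declared as String with a Boolean default, and the default
  // grants admin to every new document. The ability builder tests
  // `user.isAdmin` by truthiness, so the string "false" still counts as admin.
  // Consider `type: Boolean, default: false` (behaviour change — not applied).
  isAdmin: { type: String, default: true },
  // Fixed: `Date.Now` is undefined; `Date.now` is the function Mongoose calls.
  dateCreated: { type: Date, default: Date.now },
  active: { type: Boolean, default: false },
  updateHistory: [{ userId: String, date: String }],
});

// Adds `Organization.accessibleBy(ability, action)` so finds can be limited to
// the records the caller's ability conditions allow.
OrganizationSchema.plugin(accessibleRecordsPlugin);

module.exports = mongoose.model("organization", OrganizationSchema);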

// PERMISSION ON ROLE
exports.defineAbilitiesOnRolesFor = (user) => {
  const { can,rules } = new AbilityBuilder(Ability);
  if (user.isAdmin) {
    can(
      "mange","Role",{ organization: user._id } // manage your own account roles
    );
  }




// PERMISSION CHECKER

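/**
 * Resolves whether the user identified by `userId` may perform `action` on
 * `subject`.
 *
 * Any failure (lookup error, unknown user, ability builder throwing) is
 * treated as "denied" so callers fall through to their forbidden path; the
 * error is logged instead of being silently dropped.
 *
 * NOTE(review): when `subject` is a type string such as "Role", CASL reports
 * whether the user may act on *any* Role and does not evaluate rule
 * conditions like `{ organization: user._id }`. To enforce per-record
 * ownership, pass a Role instance (or `subject("Role", doc)`) here, or scope
 * the database query with `Model.accessibleBy(ability, action)`.
 *
 * @param {{ findOne: Function }} model - Mongoose model the user is loaded from
 * @param {(user: object) => { can: Function }} defineAbilitiesOnSubjectFor - ability factory
 * @param {*} userId - `_id` of the user to load
 * @param {string} action - CASL action ("read", "manage", ...)
 * @param {string|object} subject - subject type string or subject instance
 * @returns {Promise<boolean>} true only when the ability explicitly allows it
 */
async function permissionChecker(model, defineAbilitiesOnSubjectFor, userId, action, subject) {
  try {
    const user = await model.findOne({ _id: userId });
    if (user == null) {
      // Unknown user: deny explicitly instead of letting the ability builder
      // dereference null and fall into the catch below.
      return false;
    }

    const ability = defineAbilitiesOnSubjectFor(user);
    return Boolean(ability.can(action, subject));
  } catch (error) {
    // Deny by default, but keep the cause visible in server logs.
    console.error("permissionChecker: denying access after error", error);
    return false;
  }
}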

// Exported as an object so further permission helpers can be added later
// without changing the import shape used by the service files.
module.exports = {
  permissionChecker
};

// SERVICE FILE
const Role = require("../models/role");
const { permissionChecker } = require("../helpers/permissionHelpers");
const action = "read";
// NOTE(review): `ROLE` is not defined anywhere on this page; the ability rule
// is registered for the subject type string "Role", so this most likely
// should be `const subject = "Role"`.
const subject = ROLE
// NOTE(review): `res` only exists inside a request handler; evaluated at
// module scope this throws at load time — move it into the handler.
const loggedInUser = res.locals.user.userId
const Organizations = require("../models/organization");


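    // permissionChecker(model, defineAbilities, userId, action, subject):
    // fixed — the original call omitted `action`, so `subject` arrived as the
    // action and the `subject` parameter was undefined.
    // NOTE(review): `defineAbilitiesOnRolesFor` is not required anywhere in
    // this service file on the page; it must be imported from the ability module.
    const permission = await permissionChecker(
      Organizations, defineAbilitiesOnRolesFor, loggedInUser, action, subject
    );
    if (permission) {
      // NOTE(review): `permission` only says the caller may read *some* Role
      // (type-level check, conditions not evaluated). The query is keyed by
      // the request-supplied `orgId`, not by the caller's own organization, so
      // an admin can read another organization's roles. Scope it with CASL's
      // `Role.accessibleBy(ability, action)` (the Role schema then needs
      // `accessibleRecordsPlugin` too) or constrain `organization` to the
      // caller's own id.
      try {
        const roles = await Role.find({ organization: orgId }, { __v: 0 })
          .populate("organization", "orgName");
        res.status(200).json({
          status: true, message: "successfully retrieved all roles created for this organization", data: roles, errors: []
        });
      } catch (err) {
        // NOTE(review): returning the raw error object to the client can expose
        // internal details (query shape, driver messages); prefer logging it
        // server-side and sending a generic error entry.
        res.status(500).json({
          status: false, message: "internal server error", data: null, errors: [err]
        });
      }
      return;
    }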

预期行为:为 Role 能力设置条件后,组织管理员应只能管理属于自己组织的角色,而不能管理其他组织的角色(因为他并不拥有这些角色)。但现在条件没有生效,或者没有被 CASL 读取,任何管理员都可以管理任何组织的任何角色,这不符合预期。请帮忙看看,我的代码有问题吗? CASL V4

@casl/ability @casl/mongoose

环境: Node.js 版本
