I am trying to set up roles and permissions to handle API requests. I am using Feathers.js with feathers-sequelize for a Postgres db.
For managing roles and permissions I am using casl.js: https://github.com/stalniy/casl
Most of the examples for integrating Casl are mongo/mongoose based. I read the following article after: https://stalniy.github.io/casl/abilities/database/integration/2017/07/22/database-integration.html
In the example provided they use Sequelize scopes; at the moment feathers-sequelize doesn't support sequelize-scopes with parameters (from what I can see).
Long story short, I am trying to find a way of integrating feathers-sequelize with Casl to manage resource permissions.
So far I can construct the Casl 'abilities' per user, but now to connect those abilities to the database is where I am stuck.
When using Mongo/mongoose it's easy, as you simply do toMongoQuery and pass in the parameters.
If there is anything that I need to add please do let me know, not sure how to get help on this particular issue.
Regards, Emir
So managed to resolve the issue: I copied this code: https://github.com/stalniy/casl-feathersjs-example/blob/master/src/hooks/abilities.js
Then I adapted it by adding the following function:
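    // Convert a single CASL rule into a query fragment.
    function ruleToQuery(rule) {
      // Reject conditions that use an operator Sequelize cannot translate.
      if (JSON.stringify(rule.conditions).includes('"$all":')) {
        throw new Error('Sequelize does not support "$all" operator')
      }
      // Inverted ("cannot") rules become a negated condition.
      return rule.inverted ? { $not: rule.conditions } : rule.conditions
    }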
Then I replaced this line:

    const query = toMongoQuery(ability, serviceName, action)

with

    const query = rulesToQuery(ability, action, serviceName, ruleToQuery)

After importing

    const { rulesToQuery } = require('@casl/ability/extra');
One of my issues was the way I was creating my permissions which is not directly related to Feathers nor CASL.
If you have a similar issue but the answer above isn't clear, please comment.
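
Added example, not part of the original post or of CASL's code: it shows the shape of the query that the `ruleToQuery` converter above produces once several rules are combined, and how a hook can fail closed when no rule grants access. `combineRules` is a simplified stand-in for `rulesToQuery` and `restrictQuery` is a hypothetical helper; the rule objects are constructed sample data.

```javascript
// Converter from the answer above: one CASL rule -> one query fragment.
function ruleToQuery(rule) {
  if (JSON.stringify(rule.conditions).includes('"$all":')) {
    throw new Error('Sequelize does not support "$all" operator');
  }
  return rule.inverted ? { $not: rule.conditions } : rule.conditions;
}

// Simplified stand-in for rulesToQuery (assumption: `rules` is a plain array
// already filtered by action and subject, highest priority first).
function combineRules(rules, convert) {
  const query = {};
  for (const rule of rules) {
    const op = rule.inverted ? '$and' : '$or';
    if (!rule.conditions) {
      if (rule.inverted) break; // unconditional "cannot": lower rules are void
      delete query.$or;         // unconditional "can": no positive filter needed
      return query;
    }
    (query[op] = query[op] || []).push(convert(rule));
  }
  return query.$or ? query : null; // null: no rule grants access
}

// Hypothetical hook helper: narrow the client's query by the permission query.
function restrictQuery(clientQuery, rules) {
  const permission = combineRules(rules, ruleToQuery);
  if (permission === null) {
    throw new Error('Forbidden'); // fail closed instead of merging null
  }
  // Permission keys are spread last so a client-sent $or/$and cannot replace them.
  return { ...clientQuery, ...permission };
}

// Constructed sample rules for a "read posts" check.
const sampleRules = [
  { inverted: true, conditions: { archived: true } },
  { inverted: false, conditions: { authorId: 7 } },
  { inverted: false, conditions: { published: true } },
];

console.log(JSON.stringify(restrictQuery({ title: 'x', $or: [{ id: 1 }] }, sampleRules)));
```

Whether the service adapter accepts every operator in the resulting object (for example `$not`) depends on its version, so check the restricted query against the adapter before relying on it.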