Tags: sequelize.js, feathersjs, feathers-sequelize, casl

Integrate Casl with Feathersjs-Sequelize


I am trying to set up roles and permissions to handle API requests. I am using Feathers.js with feathers-sequelize for a Postgres db.

For managing roles and permissions I am using casl.js: https://github.com/stalniy/casl

Most of the examples for integrating Casl are mongo/mongoose based. I read the following article after: https://stalniy.github.io/casl/abilities/database/integration/2017/07/22/database-integration.html

In the example provided they use sequelize scopes; at the moment feathers-sequelize doesn't support sequelize scopes with parameters (from what I can see).

Long story short, I am trying to find a way of integrating feathers-sequelize with Casl to manage resource permissions.

So far I can construct the Casl 'abilities' per user, but now to connect those abilities to the database is where I am stuck.

When using Mongo/mongoose it's easy, as you simply do toMongoQuery and pass in the parameters.

If there is anything that I need to add please do let me know, not sure how to get help on this particular issue.

Regards, Emir


Solution

  • So I managed to resolve the issue: I copied this code: https://github.com/stalniy/casl-feathersjs-example/blob/master/src/hooks/abilities.js

    Then I adapted it by adding the following function:

    // Converts one CASL rule into a Sequelize-compatible where condition.
    // Inverted ("cannot") rules are wrapped in $not; the MongoDB-style $all
    // operator has no Sequelize equivalent, so it is rejected up front.
    function ruleToQuery(rule) {
      if (JSON.stringify(rule.conditions).includes('"$all":')) {
        throw new Error('Sequelize does not support "$all" operator')
      }
      return rule.inverted ? { $not: rule.conditions } : rule.conditions
    }
    

    Then I replaced this line:

    const query = toMongoQuery(ability, serviceName, action)
    

    with

    const query = rulesToQuery(ability, action, serviceName, ruleToQuery)
    

    After importing

    const { rulesToQuery } = require('@casl/ability/extra');
    

    One of my issues was the way I was creating my permissions which is not directly related to Feathers nor CASL.

    If you have a similar issue but the answer above isn't clear please comment.
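The conversion the answer describes, written out as an added, self-contained example that is not part of the question, the answer, CASL or feathers-sequelize. `rulesToQuery` is re-implemented here to mirror the semantics CASL documents for `@casl/ability/extra` (it is an assumption that this matches CASL's own code exactly), `RULES` is a constructed rule set for a user with id 42, and `Op` is a stand-in for Sequelize's `Op` object. The last two functions go beyond the answer: Sequelize 5 and later disable string operator aliases such as `$not` by default, so the string-keyed query is translated onto `Op` symbols, and `scopedWhere` shows what a Feathers `before find` hook should do with the result, in particular that a `null` query means no rule permits the action and must be turned into a refusal rather than an unscoped query.

```javascript
// Added example (not from the question, the answer, CASL or Sequelize).
// Re-implements the rulesToQuery/ruleToQuery pattern from the answer so the
// authorization logic can be run without @casl/ability or Sequelize installed.

// Stand-in for Sequelize's `Op` (Sequelize 5+ exposes these as Symbols and
// disables string aliases such as "$not" by default).
const Op = { and: Symbol('and'), or: Symbol('or'), not: Symbol('not') };

// Constructed rule set shaped like CASL rules, for a user with id 42.
const RULES = [
  { action: 'read', subject: 'Post', conditions: { published: true } },
  { action: 'read', subject: 'Post', conditions: { authorId: 42 } },
  { action: 'read', subject: 'Post', conditions: { archived: true }, inverted: true },
  { action: 'delete', subject: 'Post', conditions: { authorId: 42 } },
  { action: 'read', subject: 'Tag', conditions: { names: { $all: ['x'] } } },
];

// Stand-in for ability.rulesFor(): later definitions take precedence, so
// CASL hands them back in reverse definition order.
function rulesFor(rules, action, subject) {
  return rules.filter((r) => r.action === action && r.subject === subject).reverse();
}

// The answer's callback: one CASL rule -> one condition object. Inverted
// ("cannot") rules are wrapped in $not; $all has no Sequelize equivalent.
function ruleToQuery(rule) {
  if (JSON.stringify(rule.conditions).includes('"$all":')) {
    throw new Error('Sequelize does not support "$all" operator');
  }
  return rule.inverted ? { $not: rule.conditions } : rule.conditions;
}

// Mirrors the documented behaviour of CASL's rulesToQuery (assumption: this
// follows the published semantics but is not CASL's code):
//  - an unconditional "can" grants everything, so accumulated $or terms are dropped
//  - an unconditional "cannot" stops evaluation of lower-priority rules
//  - conditional "can" rules are OR'ed, conditional "cannot" rules AND'ed
//  - null means no rule allows the action at all
function rulesToQuery(rules, action, subject, convert) {
  const query = {};
  for (const rule of rulesFor(rules, action, subject)) {
    const op = rule.inverted ? '$and' : '$or';
    if (!rule.conditions) {
      if (rule.inverted) break;
      delete query.$or;
      return query;
    }
    (query[op] = query[op] || []).push(convert(rule));
  }
  return query.$or ? query : null;
}

// Translate string operators ($and/$or/$not) into Op symbols, recursively.
// Any other "$"-operator is rejected instead of being passed on as a column name.
const OPERATORS = { $and: 'and', $or: 'or', $not: 'not' };
function toSequelizeWhere(node) {
  if (Array.isArray(node)) return node.map(toSequelizeWhere);
  if (node === null || typeof node !== 'object') return node;
  const out = {};
  for (const [key, value] of Object.entries(node)) {
    if (key.startsWith('$') && !OPERATORS[key]) {
      throw new Error(`Unsupported operator ${key}`);
    }
    out[OPERATORS[key] ? Op[OPERATORS[key]] : key] = toSequelizeWhere(value);
  }
  return out;
}

// What a Feathers "before find" hook would do: AND the client's own query with
// the permission scope (so the client cannot widen it), and refuse outright when
// nothing is permitted instead of falling through to an unscoped query.
function scopedWhere(rules, action, subject, clientQuery = {}) {
  const query = rulesToQuery(rules, action, subject, ruleToQuery);
  if (query === null) {
    const err = new Error(`Forbidden: not allowed to ${action} ${subject}`);
    err.code = 403;
    throw err;
  }
  return { [Op.and]: [clientQuery, toSequelizeWhere(query)] };
}
```

With the constructed rules, `scopedWhere(RULES, 'read', 'Post', { published: true })` yields a where clause equivalent to `published = true AND (NOT archived = true) AND (authorId = 42 OR published = true)`, while `scopedWhere(RULES, 'update', 'Post')` throws with code 403 because no rule grants `update`. The client query is combined with `Op.and` on purpose: merging it with `Object.assign` would let a client supply its own `$or` and override the permission scope.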