Options
All
  • Public
  • Public/Protected
  • All
Menu

@knodes/nest-casl

Index

Namespaces

Classes

Interfaces

Type aliases

Functions Decorators

Functions Other

Type aliases

BoundPolicyDecorators

BoundPolicyDecorators<TAbility>: { PoliciesMask: PoliciesMask<TAbility>; Policy: Policy<TAbility> }

Type parameters

  • TAbility: AnyAbilityLike = AnyAbilityLike

Type declaration

GuardsList

GuardsList: ((CanActivate | Type<CanActivate>)[] | Type<CanActivate>)[]

A list of guards or guard classes. When called in a usingGuard method, they might be joined by a or condition.

example
@Policy( () => true )
    //          (Guard1 || Guard2)
    .usingGuard([Guard1,   Guard2])
class Foo {}

@PoliciesMask( { '*': () => true } )
    //          (Guard3 || Guard4) && Guard5 && (Guard6)
    .usingGuard([Guard3,   Guard4],   Guard5,   [Guard6])
class Bar {}

MaybeAsyncValue

MaybeAsyncValue<T>: T | Promise<T> | Observable<T>

An observable, promise, or sync value.

Type parameters

  • T

PolicyDescriptor

PolicyDescriptor<TAbility>: Type<IPolicy<TAbility>> | IPolicy<TAbility> | ((ability: TAbility) => MaybeAsyncValue<boolean>) | SimplePolicy<TAbility> | boolean

Any type of policy that can be handled. It can either be

  • an object or an injectable class implementing IPolicy
  • a simple function that takes the ability and return a boolean
  • a SimplePolicy defining the action and subject
  • or a static boolean.

Booleans are handled in a special ways:

  • If true, the policy guards are never ran. This could be used to expose a single anonymously accessible endpoint on a masked controller.
  • If false, only the {@link PoliciesGuard} is ran, and throws a ForbiddenException: Endpoint statically forbidden.

In all other cases, all guards are ran.

Type parameters

  • TAbility: AnyAbilityLike

PolicyDescriptorMask

PolicyDescriptorMask<TAbility>: Record<string, PolicyDescriptor<TAbility>>

A dictionary of policies to apply on a class. All properties must be methods of the class it is applied on, except *.

The * key is a fallback policy used when no more specific key matches. We strongly recommend to use it with false, to explicitly allow endpoints.

see

PolicyDescriptor

example
@PoliciesMask({
    '*': false, // Disallow by default
    'create': { action: 'create', subject: 'Cat', },
    'read': true, // Allow everybody to read. Don't even check any guard.
    'update': { action: 'update', subject: 'Cat', },
    'delete': { action: 'delete', subject: 'Cat', },
})
class CatsController {
    public create(){}
    public read(){}
    public update(){}
    public delete(){}
    public admin(){} // Not specified in the mask, thus applying the `false` policy who always forbid access.
}

Type parameters

  • TAbility: AnyAbilityLike

SimplePolicy

SimplePolicy<TAbility>: TAbility extends Ability<infer TAbilityTuple> ? TAbilityTuple extends any ? { action: TAbilityTuple[0]; subject: TAbilityTuple[1] } : never : { action: string; subject: string }

A simple policy defined by an action and a subject.

see

https://casl.js.org/v5/en/guide/intro#basics

Type parameters

  • TAbility: AnyAbilityLike

Decorators Functions

InjectAbility

  • InjectAbility(required?: boolean): ParameterDecorator

  • A parameter decorator factory that retrieve the ability of the current request.

    Parameters

    • Optional required: boolean

      Set to false to not throw if no ability was found for the request. Defaults to true.

    Returns ParameterDecorator

    a parameter decorator that will set the parameter value to the ability. If not {@link required} and none is found, a new empty ability will be created.

PoliciesMask

  • PoliciesMask<TMask, TAbility>(mask: TMask): BoundPoliciesMask<TMask, TAbility>

Policy

Other Functions

bindPolicyDecorators

  • Prepare a new couple of Policy & PoliciesMask decorators bound to use the given {@link guards}.

    example
    const ViaJwt = bindPolicyDecorators( AuthGuard( 'jwt' ));
    const ViaStrongJwt = ViaJwt( AuthenticatedStrongly );

    Type parameters

    • TAbility: AnyAbilityLike = AnyAbilityLike

    Parameters

    • Rest ...guards: GuardsList

      A list of guards to use.

    Returns BoundPolicyDecorators<TAbility>

    an function with properties containing the new decorators. You may call again this function to add more guards.

Generated using TypeDoc