Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Forbidden reasons do not work with regular rules

See original GitHub issue

Bug Report

When a rule has condition object, it’s custom message is ignored.

const { AbilityBuilder, ForbiddenError } = require("@casl/ability")

class Post {
  constructor(owner) {
    this.owner = owner;
  }
}

const ability = AbilityBuilder.define((can, cannot) => {
  can('read', 'Post', { owner: 'user_id_1' }).because('Only owner');
});

try {
  ForbiddenError.from(ability).throwUnlessCan('read', new Post('user_id_2'));
} catch (error) {
  console.log(error.message) // "Cannot execute "read" on "Post""
}

Expected behavior

error.message should be "Only owner" but it is "Cannot execute "read" on "Post""

Environment

  • node version: 12.15.0
  • @casl/ability version: 3.4.0
  • os: Ubuntu 18.04

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:6 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
stalniycommented, May 19, 2020

The example above can be used to implement desired behavior starting from @casl/ability@4.1.0

0reactions
stalniycommented, May 19, 2020

After some thinking, I realized there is no sense to enumerate all reasons which are not met, you can just say “none of the expected checks are satisfied”. But if you very need this, you can implement it by defining custom defaultErrorMessage:

import { ForbiddenError } from '@casl/ability';

ForbiddenError.setDefaultMessage((error) => {
  if (error.reason) {
    return error.reason
  }

  const reasons = error.ability.rulesFor(error.action, error.subject, error.field)
    .map(rule => `"${rule.reason}"`)
    .join(' nor ');
  return `Neither ${reasons}  are satisfied
});

error.ability is currently a private property, I will expose it in the next release to be a public one

Read more comments on GitHub >

github_iconTop Results From Across the Web

What Is the 403 Forbidden Error and How to Fix It (8 Methods ...
Causes of 403 Forbidden​​ Often, HTTP 403 forbidden errors are caused by an access misconfiguration on the client-side, which means you can usually...
Read more >
3 Ways To Fix '403 Forbidden Request Forbidden By ...
To fix your WordPress file permissions, follow these steps: Step 1: Go to cPanel > File Manager, and open a folder called public_html....
Read more >
How to Fix a 403 Forbidden Error on Your WordPress Site
The 403 Forbidden error means that your server is working, but you no longer have permission to view all or some of your...
Read more >
403 Forbidden Error: What It Is and How to Fix It - Airbrake Blog
Check the Requested URL​​ The most common cause of a 403 Forbidden Error is simply inputting an incorrect URL. As discussed before, many...
Read more >
Prohibited Employment Policies/Practices
Under the laws enforced by EEOC, it is illegal to discriminate against someone (applicant or employee) because of that person's race, color, religion, ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

<Can /> or condition

Next page

Check for "all" entities instead of "at least one"