Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How do field restrictions work in rule definition?

See original GitHub issue
ability = [
  {
    "actions": ["create", "read", "update", "delete"],
    "subject": "Post",
     "fields" : ['title'],
    "conditions": {
      "author": "${user.id}"
    }
  },
  {
    "actions": ["read", "update"],
    "subject": "User",
"fields" : ['UserName','phoneNo'],
    "conditions": {
      "id": "${user.id}"
    }
  }
]

What would be expected behavior from the above Rules for an ability ? Does it restrict a user from updating the field ‘title’ in Task or does it allow only that field to be edited ?

I am trying to find a working example for ability.define(). Yes, there is one available for ability.can(). Can i have more information on this please ?

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

4reactions
stalniycommented, Nov 19, 2019

All properties in conditions are logically AND-ed and rules with the same pair of action and object are logically OR-ed

That’s why the 1st definitions doesn’t work

1reaction
stalniycommented, Nov 19, 2019

fields are just additional flags which you can use to enforce permissions. So, in your case:

ability.can('read', 'Post') // true
ability.can('read', 'Post', 'title') // true
ability.can('read', 'Post', 'description') // false

class Post {
  constructor(props) {
    Object.assign(this, props)
  }
}

ability.can('read', new Post({ userId: 1, title: 'test', description: 'test' })) // true
ability.can('read', new Post({ userId: 1, title: 'test', description: 'test' }), 'description') // false

Also you can use some useful helpers methods for @casl/ability/extra subpackage. You can find info about it here - https://github.com/stalniy/casl/tree/master/packages/casl-ability#4-extra

Read more comments on GitHub >

github_iconTop Results From Across the Web

Restrict data input by using validation rules - Microsoft Support
You can define validation rules for table fields and for controls on forms. When you define rules for tables, those rules apply when...
Read more >
About Field-Level Rules - General Electric
Field-level rules define how a field will behave under certain circumstances. The field-level rules for a given field are stored within the family...
Read more >
ConfiForms Field Definition Rules - Vertuna WIKI
Rules are the best way to add dynamics to your forms, make validation rules conditional or customise form UI behaviour. Available rules.
Read more >
Definition & Execution of Business Rules for Fields ...
These rules need to be respected by the extracted field values, in order for the extraction to be considered successful (e.g. Invoice Number ......
Read more >
Introduction to attribute rules—ArcGIS Pro | Documentation
Additionally, an attribute rule can be used to restrict values for an attribute field that are not part of the domain when performing...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Custom errors

Next page

Issues with Content Security Policy