Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Related objects from different collections/tables in can, cannot #152

Closed
ghost opened this issue Jan 30, 2019 · 4 comments
Closed

Related objects from different collections/tables in can, cannot #152

ghost opened this issue Jan 30, 2019 · 4 comments

Comments

@ghost
Copy link

ghost commented Jan 30, 2019
edited by ghost
Loading

My problem is I am trying to set the delete clause for messages, i.e. a message can be delete only when it has been created by the user.

The message/post classes look something like this

Message { id: int, text: string, createdBy: int, belongsToPost: int (belongsToPost foreign key to post) }

Post { id: int, createdBy: int, content: string, (createdBy foreign key to users) }

Now I want to add functionality that a message can be deleted only when it has been created by the user.

can('delete', 'Message', { belongsToPost : {createdBy: user.id}})

It doesn't work because belongsToPost is only the foreign key and it throws an error that the statement {createdBy: user.id} is not defined for this type.

I could solve the problem by adding the field createdBy to message as well, but is there a way to achieve this without repetitive data?

Thanks for your help!
@ghost ghost closed this as completed Jan 30, 2019
@ghost ghost reopened this Jan 30, 2019
@ghost ghost changed the title nesting object in can, cannot (Question) nesting objects in can, cannot Jan 30, 2019
@ghost ghost changed the title nesting objects in can, cannot nested objects in can, cannot Jan 30, 2019
@stalniy
Copy link
Owner

stalniy commented Jan 31, 2019

Hello

Thanks for the issue. I’ll check it on weekend. Don’t have enough free time during working week :)

@stalniy
Copy link
Owner

stalniy commented Feb 3, 2019

I'm not sure whether I correctly understand everything because as far as I see createdBy is present on both Message and Post. So, this case you can do:

can('delete', 'Message', { createdBy: user.id })

But if you want to define rules based on fields of related entities, than CASL can't help you. Here you need to help him. You need to prepopulate your Message object with related Post object, so the Post instance is available under message.belongsToPost. When you do this, you will be able to check permissions in memory (on application level).

If you want to query all messages from database which can be deleted by some user based on related object field, you will need to improve functionality of @casl/mongoose or if implement by your own functionality for SQL dbs (read my comment in #8). Currently there are no plans to implement this in CASL but strategically yes, I'd like this to be implemented.

@stalniy stalniy changed the title nested objects in can, cannot Related objects from different collections/tables in can, cannot Feb 3, 2019
@stalniy
Copy link
Owner

stalniy commented Feb 6, 2019

@AlexGoranov does it clarify your question?

@stalniy
Copy link
Owner

stalniy commented Feb 8, 2019

Close due to inactivity

@stalniy stalniy closed this as completed Feb 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stalniy