Bot releases are hidden (Show)
https://github.com/fratzinger/feathers-casl/compare/v2.1.1...v2.1.2
https://github.com/fratzinger/feathers-casl/compare/v2.1.0...v2.1.1
https://github.com/fratzinger/feathers-casl/compare/v2.0.0...v2.1.0
Published by fratzinger over 1 year ago
Because of quirks between CommonJS and ESM I have to make a change to the default import. This is the change:
// old code
import casl from "feathers-casl"
Becomes this:
// new code
import { feathersCasl } from "feathers-casl";
https://github.com/fratzinger/feathers-casl/compare/v1.0.0...v2.0.0
Published by fratzinger over 1 year ago
https://github.com/fratzinger/feathers-casl/compare/v0.7.2...v1.0.0
https://github.com/fratzinger/feathers-casl/compare/v1.0.0-1...v1.0.0-2
https://github.com/fratzinger/feathers-casl/compare/v1.0.0-0...v1.0.0-1
https://github.com/fratzinger/feathers-casl/compare/v0.7.0...v1.0.0-0
https://github.com/fratzinger/feathers-casl/compare/v0.7.1...v0.7.2
https://github.com/fratzinger/feathers-casl/compare/v0.7.0...v0.7.1
authorize
: refetch items if $select
and properties from casl conditions
mismatch so order of authorize
in hooks chain doesn't matter.channels
option to getChannelsWithReadAbility
to use prefiltered connectionscheckBasicPermission
: use the hook checkBasicPermission
as a utilSee PR #40
https://github.com/fratzinger/feathers-casl/compare/v0.6.0...v0.7.0
https://github.com/fratzinger/feathers-casl/compare/v0.6.1-10...v0.6.1-11
https://github.com/fratzinger/feathers-casl/compare/v0.6.1-9...v0.6.1-10
Published by fratzinger about 3 years ago
checkBasicPermission
that can be used on server side and on client side
authenticate('jwt')
to reject requests with basic restrictions (only does a portion of the authorize
-hook. It's not a replacement at all. In fact, authorize
uses checkBasicPermission
, if it wasn't used beforecheckBasicPermission
can be used as a client side before
hook if you have the ability on the client side. That way you can skip a request entirely, if checkBasicPermission
rejects.useActionName
)
useUpdateData
and usePatchData
on authorize
authorize
hook was hiding a $select
completely, if there were conditions from rules. This PR extracts the fields from conditions and compares them with params.query.$select
and adds remaining fields. This results in smaller requests.$not
, $nor
, $and
- maybe update your service options whitelists as follows:app.use('...', new Service({ whitelist: ['$nor', '$and'] }))
app.use'...', new Service({ whitelist: ['$not', '$and'] }))
app.use("...', new Service({ whitelist: ['$nor', $and'] }))
app.use("...", new Service({ whitelist: ['$nor', '$and'] }))
app.use("...", new Service({ whitelist: ["$not"] }))
const { Service } = require("feathers-sequelize");
const { Op } = require("sequelize");
// ...
app.use('...', new Service({
Model,
operators: {
$not: Op.not
},
whitelist: ["$not"]
}))
Published by fratzinger over 3 years ago
$or
! This is the default behavior of casl: https://casl.js.org/v5/en/guide/conditions-in-depth#why-logical-query-operators-are-not-included (#17, Thanks @GVanderLugt)feathers-casl
are now merged with $and
by default (#24, Thanks @mrfrase3)whitelist
option in 'Getting Started'Published by fratzinger over 3 years ago
feathers-mongoose
: add whitelist: ["$nor"]
to service options!feathers-sequelize
: add the following to your services!:// src/services/users.service.js
const { Op } = require('sequelize');
//...
const options = {
Model,
operators: {
$not: Op.not
},
whitelist: ["$not"]
};
rulesToQuery
for feathers-mongoose
, feathers-objection
, feathers-sequelize
feathers-knex
, feathers-memory
, feathers-mongodb
, feathers-mongoose
, feathers-nedb
, feathers-objection
, feathers-sequelize
adapter
property to authorize()
hook options to specify the adapter. It defaults to feathers-memory
which works the same as in v0.3.1
. Adding one of feathers-knex
, feathers-memory
, feathers-mongodb
, feathers-mongoose
, feathers-nedb
, feathers-objection
or feathers-sequelize
will add a better support for your adapter.feathers-sequelize
: fixed operatorsfeathers-objection
: fixed _get(id)
without paramsPublished by fratzinger over 3 years ago
$limit
was overridden by default $limit
from service optionses5
to es2015
Published by fratzinger over 3 years ago
availableFields
: casl^5
makes it mandatory to provide available Fields for services. feathers-casl
uses optional options.availableFields
for this, which is highly recommended to set! See it in the cookbook and feel free to add a recipe for your adapter (mongoose, objection, ...).checkAbilityForInternal
: previously the priority of ability
was: options.ability
> params.ability
> undefined
. Now it is: params.ability
> options.ability
. For internal calls (!params.provider
) the options.ability
will be skipped be default. To prevent this, set options.checkAbilityForInternal
to true
read
now is with find
/get
for multi/single requests and get
in channels (Thanks @vigalo - #6)[email protected]
was upgraded to support @casl/ability^5
. See @casl/ability^5.1.0