feathers-casl

• chore: migrate to pnpm & update dependencies (#115) 5c7a3ce
• Create CODE_OF_CONDUCT.md b8d7c15

https://github.com/fratzinger/feathers-casl/compare/v2.1.1...v2.1.2

• Fix get items is array (#110) b05eb3f

https://github.com/fratzinger/feathers-casl/compare/v2.1.0...v2.1.1

• feat: mask method for custom methods (#101) 8da9b3e
• chore: update dependencies & feathers peerDependency (#100) 924fea6
• docs(readme): feathers 5 0057929
• docs: remove ref to 'makeAbilityFromRules' 237a27d
• docs: add note for authResult in channels b337e90

https://github.com/fratzinger/feathers-casl/compare/v2.0.0...v2.1.0

• refactor!: export default as 'feathersCasl' (#90) 722b5f5

Because of quirks between CommonJS and ESM I have to make a change to the default import. This is the change:

// old code
import casl from "feathers-casl"

Becomes this:

// new code
import { feathersCasl } from "feathers-casl";

https://github.com/fratzinger/feathers-casl/compare/v1.0.0...v2.0.0

• dove - upgrade to feathers v5 (#79) 7a3b7d7

https://github.com/fratzinger/feathers-casl/compare/v0.7.2...v1.0.0

• chore: update dependencies & add types & module entry to package.json 249d2ef
• refactor: do not export "HOOKNAME" 8d5e164

https://github.com/fratzinger/feathers-casl/compare/v1.0.0-1...v1.0.0-2

• fix: update dependencies - feathers-utils: esm - pre.34: removed $-function - feathers-sequelize: removed $-function 54cdefa

https://github.com/fratzinger/feathers-casl/compare/v1.0.0-0...v1.0.0-1

• chore: update dependencies cca3db2
• chore: remove console.logs 8a01e75
• fix: around hook check for context.result fe66a1b
• fix!: keep up with recent dove (#77) 1a1f9bc
• Merge branch 'dove-0.6' into dove b3ffacd
• test: augment ServiceOptions of correct adapter-commons package 3c6d87f
• test: comment all casl service options 972f58c
• fix: allow service.options to be undefined df1caf0
• test: fix tests fb2ca55
• chore: update feathers-utils 9923b21
• feat: update to feathers 5 df079af

https://github.com/fratzinger/feathers-casl/compare/v0.7.0...v1.0.0-0

• chore: use import type & use feathers-utils: getItemsIsArray (#72) a61c0d8
• docs: netlify use vitepress folder 2ae365b
• docs: move to vitepress (#71) 0b7226d
• Merge pull request #54 from dbvcode/patch-1 f6871b5
• Appened typescript version of code 0adfa65
• Merge pull request #51 from fratzinger/vuepress@next fc3ff04
• chore: move to vuepress & move to package.files 23832c1
• replace david-dm 58dd2c8

https://github.com/fratzinger/feathers-casl/compare/v0.7.1...v0.7.2

• chore: update feathers-nedb to v6 - uses @seald-io/nedb a322de6

https://github.com/fratzinger/feathers-casl/compare/v0.7.0...v0.7.1

Feat:

• authorize: refetch items if $select and properties from casl conditions mismatch so order of authorize in hooks chain doesn't matter.
• Channels: add channels option to getChannelsWithReadAbility to use prefiltered connections
• Util checkBasicPermission: use the hook checkBasicPermission as a util

Fix:

• globally export all types

See PR #40

https://github.com/fratzinger/feathers-casl/compare/v0.6.0...v0.7.0

• refactor(channels): move filterChannels to getChannelsWithReadAbility 2c2f91b

https://github.com/fratzinger/feathers-casl/compare/v0.6.1-10...v0.6.1-11

• chore: move to np for publish 5284672
• feat(channels): add filterChannels - closes #44 8f506f7
• chore: downgrade vitepress ab3b821
• test: increase code coverage 8836aac
• refactor: authorize before and after as utils 9eaec71
• refactor: checkBasicPermission as util b77df0e
• fix: check existence of '_get' and use 'get' otherwise 9e21db2
• fix: check existence of '_get' and use 'get' otherwise b013a4e

https://github.com/fratzinger/feathers-casl/compare/v0.6.1-9...v0.6.1-10

Feat:

• #4: new isomorphic hook: checkBasicPermission that can be used on server side and on client side
  • server side: can be used as the very first hook after authenticate('jwt') to reject requests with basic restrictions (only does a portion of the authorize-hook. It's not a replacement at all. In fact, authorize uses checkBasicPermission, if it wasn't used before
  • client side: checkBasicPermission can be used as a client side before hook if you have the ability on the client side. That way you can skip a request entirely, if checkBasicPermission rejects.
• #10: You can now change the actions for events. checkout the docs (useActionName)
• #29: useUpdateData and usePatchData on authorize

Changed:

• #2: Before this PR, authorize hook was hiding a $select completely, if there were conditions from rules. This PR extracts the fields from conditions and compares them with params.query.$select and adds remaining fields. This results in smaller requests.

BREAKING:

Operators $not, $nor, $and - maybe update your service options whitelists as follows:

• feathers-memory: app.use('...', new Service({ whitelist: ['$nor', '$and'] }))
• feathers-nedb: app.use'...', new Service({ whitelist: ['$not', '$and'] }))
• feathers-mongodb: app.use("...', new Service({ whitelist: ['$nor', $and'] }))
• feathers-mongoose: app.use("...", new Service({ whitelist: ['$nor', '$and'] }))
• feathers-knex: app.use("...", new Service({ whitelist: ["$not"] }))
• feathers-objection: nothing to do :)
• feathers-sequelize: This one is a little bit different than the others. See the following:

const { Service } = require("feathers-sequelize");
const { Op } = require("sequelize");

// ...

app.use('...', new Service({
  Model,
  operators: {
    $not: Op.not
  },
  whitelist: ["$not"]
}))

BREAKING:

• rules defined with casl are now combined with $or! This is the default behavior of casl: https://casl.js.org/v5/en/guide/conditions-in-depth#why-logical-query-operators-are-not-included (#17, Thanks @GVanderLugt)

Changed:

• original query and query from feathers-casl are now merged with $and by default (#24, Thanks @mrfrase3)

Docs:

• moved from VuePress to VitePress ⚡
• added notes for whitelist option in 'Getting Started'

BREAKING:

• feathers-mongoose: add whitelist: ["$nor"] to service options!
• feathers-sequelize: add the following to your services!:

// src/services/users.service.js
const { Op } = require('sequelize');
//...
const options = {
  Model,
  operators: {
    $not: Op.not
  },
  whitelist: ["$not"]
};

Added:

• rulesToQuery for feathers-mongoose, feathers-objection, feathers-sequelize
• added tests for feathers-knex, feathers-memory, feathers-mongodb, feathers-mongoose, feathers-nedb, feathers-objection, feathers-sequelize
• added adapter property to authorize() hook options to specify the adapter. It defaults to feathers-memory which works the same as in v0.3.1. Adding one of feathers-knex, feathers-memory, feathers-mongodb, feathers-mongoose, feathers-nedb, feathers-objection or feathers-sequelize will add a better support for your adapter.

Fixed:

• feathers-sequelize: fixed operators
• feathers-objection: fixed _get(id) without params

Fixes:

• $limit was overridden by default $limit from service options

Chore:

• update compiled version from es5 to es2015

Features:

• availableFields: casl^5 makes it mandatory to provide available Fields for services. feathers-casl uses optional options.availableFields for this, which is highly recommended to set! See it in the cookbook and feel free to add a recipe for your adapter (mongoose, objection, ...).
• checkAbilityForInternal: previously the priority of ability was: options.ability > params.ability > undefined. Now it is: params.ability > options.ability. For internal calls (!params.provider) the options.ability will be skipped be default. To prevent this, set options.checkAbilityForInternal to true

Fixes:

• read now is with find/get for multi/single requests and get in channels (Thanks @vigalo - #6)
• multi-patch now working correctly (Thanks @dessHub - #8)

BREAKING CHANGE:

• [email protected] was upgraded to support @casl/ability^5. See @casl/ability^5.1.0