/ live.thehmm.nl / back / node_modules / @strapi / permissions / / live.thehmm.nl / back / node_modules / @strapi / permissions /![[ICO]](/icons/blank.gif){kind=icon} | Name | Last modified | Size | Description |
|---|---|---|---|---|
![[PARENTDIR]](/icons/back.gif){kind=icon} | Parent Directory | - | ||
![[DIR]](/icons/folder.gif){kind=icon} | lib/ | 2 years ago | - | |
![[ ]](/icons/unknown.gif){kind=icon} | LICENSE | 40 years ago | 1.4K | |
![[TXT]](/icons/text.gif){kind=icon} | README.md | 40 years ago | 3.1K | d7c1522 post receive test [كارل مبارك] |
| index.d.ts | 40 years ago | 1.6K | |
| package.json | 2 years ago | 1.9K |
Highly customizable permission engine made for Strapi
yarn add @strapi/permissionsconst permissions = require('@strapi/permissions');
const engine = permissions.engine.new({ providers });
const ability = await engine.generateAbility([
{ action: 'read' },
{ action: 'delete', subject: 'foo' },
{ action: 'update', subject: 'bar', properties: { fields: ['foobar'] } },
{
action: 'create',
subject: 'foo',
properties: { fields: ['foobar'] },
conditions: ['isAuthor'],
},
]);
ability.can('read'); // true
ability.can('publish'); // false
ability.can('update', 'foo'); // false
ability.can('update', 'bar'); // trueproviders object property.abilityBuilderFactory to customize what kind of ability the generateAbility method will return. By default it'll use a @casl/ability builder.You can also register to some hooks for each engine instance.
See lib/engine/hooks.js -> createEngineHooks for available hooks.
const permissions = require('@strapi/permissions');
const engine = permissions.engine
.new({ providers })
.on('before-format::validate.permission', ({ permission }) => {
if (permission.action === 'read') {
return false;
}
});
const ability = await engine.generateAbility([
{ action: 'read' },
{ action: 'delete', subject: 'foo' },
{ action: 'update', subject: 'bar', properties: { fields: ['foobar'] } },
{
action: 'create',
subject: 'foo',
properties: { fields: ['foobar'] },
conditions: ['isAuthor'],
},
]);
ability.can('read'); // false since the validation hook prevents the engine from registering the permission
ability.can('publish'); // false
ability.can('update', 'foo'); // false
ability.can('update', 'bar'); // trueThe format.permission hook can be used to modify the permission.
const permissions = require('@strapi/permissions');
const engine = permissions.engine
.new({ providers })
.on('before-format::validate.permission', ({ permission }) => {
if (permission.action === 'modify') {
return false;
}
})
.on('after-format::validate.permission', ({ permission }) => {
if (permission.action === 'update') {
return false;
}
})
.on('format.permission', ({ permission }) => {
if (permission.action === 'update') {
return {
...permission,
action: 'modify',
};
}
if (permission.action === 'delete') {
return {
...permission,
action: 'remove',
};
}
return permission;
});
const ability = await engine.generateAbility([{ action: 'update' }, { action: 'delete' }]);
ability.can('update'); // false
ability.can('modify'); // true, because create was changed to 'modify'
ability.can('delete'); // false, doesn't exist because it was changed by format.permission
ability.can('remove'); // true, before-format::validate.permission validates before format.permission changed it