NOTE: This is the version for Feathers v5. For Feathers v4 use feathers-casl v0
Add access control with CASL to your feathers application.
This project is built for FeathersJS. An open source web framework for building modern real-time applications. It's based on CASL and is a convenient layer to use CASL in feathers.js.
- Fully powered by Feathers 5 & CASL 6
- Allows permissions for all methods
create
,find
,get
,update
,patch
,remove
, orcreate
,read
,update
,delete
- Define permissions not based on methods:
can('view', 'Settings')
(Bring your custom logic) - Restrict by conditions:
can('create', 'Task', { userId: user.id })
- Restrict by individual fields:
cannot('update', 'User', ['roleId'])
- Native support for restrictive
$select
:can('read', 'User', ['id', 'username'])
->$select: ['id', 'username']
- Support to define abilities for anything (providers, users, roles, 3rd party apps, ...)
- Fully supported adapters:
@feathersjs/knex
,@feathersjs/memory
,@feathersjs/mongodb
,feathers-sequelize
, not supported:feathers-mongoose
,feathers-nedb
,feathers-objection
- Support for dynamic rules stored in your database (Bring your own implementation ;) )
- hooks:
-
checkBasicPermission
hook for client side usage as a before-hook -
authorize
hook for complex rules - Disallow/allow
multi
methods (create
,patch
,remove
) dynamically with:can('remove-multi', 'Task', { userId: user.id })
-
- channels:
- every connection only receives updates based on rules
-
channels
-support also regards restrictive fields - rules can be defined individually for events
- utils:
-
checkCan
to be used in hooks to check authorization before operations
-
- Baked in support for
@casl/angular
,@casl/react
,@casl/vue
and@casl/aurelia
You need more information? Please have a look: https://feathers-casl.netlify.app/
npm i feathers-casl @casl/ability
Simply run npm test
and all your tests in the test/
directory will be run. It has full support for Visual Studio Code. You can use the debugger to set breakpoints.
For more information on all the things you can do, visit FeathersJS and CASL.
Licensed under the MIT license.