Add access control with CASL to your feathers application.
This project is built for FeathersJS. An open source web framework for building modern real-time applications. It's based on CASL and is a convenient layer to use CASL in feathers.js.
- Fully powered by Feathers 4 & CASL 5
- Written in TypeScript
- Allows permissions for all methods
create
,find
,get
,update
,patch
,remove
, orcreate
,read
,update
,delete
- Define permissions not based on methods:
can('view', 'Settings')
(Bring your custom logic) - Restrict by conditions:
can('create', 'Task', { userId: user.id })
- Restrict by individual fields:
cannot('update', 'User', ['roleId'])
- Native support for restrictive
$select
:can('read', 'User', ['id', 'username'])
->$select: ['id', 'username']
- Support to define abilities for anything (providers, users, roles, 3rd party apps, ...)
- Fully supported adapters:
feathers-knex
,feathers-memory
,feathers-mongodb
,feathers-mongoose
,feathers-nedb
,feathers-objection
,feathers-sequelize
- Support for dynamic rules stored in your database (Bring your own implementation ;) )
- hooks:
checkBasicPermission
hook for client side usage as a before-hookauthorize
hook for complex rules- Disallow/allow
multi
methods (create
,patch
,remove
) dynamically with:can('remove-multi', 'Task', { userId: user.id })
- channels:
- every connection only receives updates based on rules
channels
-support also regards restrictive fields- rules can be defined individually for events
- utils:
checkCan
to be used in hooks to check authorization before operations
- Baked in support for
@casl/angular
,@casl/react
,@casl/vue
and@casl/aurelia
You need more information? Please have a look: https://feathers-casl.netlify.app/
npm i feathers-casl
Simply run npm test
and all your tests in the test/
directory will be run. It has full support for Visual Studio Code. You can use the debugger to set breakpoints.
For more information on all the things you can do, visit FeathersJS and CASL.
Licensed under the MIT license.