casl | isomorphic authorization JavaScript library | Authorization library

Versions

• apollo-server-errors: 3.2.0

• graphql: 15.6.1/ 15.7.0

• nestjs-cli: 8.1.2

• npm: 6.14.15

• Typescript: 4.4.4

Error:

I am trying to implement CASL Authorisation in a react app, I think there is something I am not quite understanding about how to implement it.

The standard Can components seems to work with the basic CRUD actions, but I have not been able to get the conditions to have any effect. I think I am missing something.

My current theory is that I need to be using TypeScript instead of plain Javascript to make the whole thing work. I don't know any TypeScript at the moment and I really want to push forward with my App instead of having to learn another language. I will learn TypeScript if I have to though, I need to know if its worth doing. Below is a boiled down version of what I have built so far.

Example on Code Sandbox

Expected Behaviour I would expect the app to show that the person can read and create Thing records. They should also be able to update or delete the specific Apple record.

Expected Output:
I can look at things
I can create a thing
I can update this apple
I can delete this apple

Actual Behaviour It ignores anything to do with the conditions and allows create, read, update and delete on everything.

Actual Output:
I can look at things
I can create a thing
I can update any thing
I can delete any thing

The main app

I am trying to use @casl/mongoose with mongoose-paginate-v2 in my express.js app, but the problem is that both libs must be used on the model object.

I have a component that I'll like to show if user has permission but the Can component seem to hide the component regardless of user permission.

Following is my ability.js module

There is an interesting article about ARM8.1 Graviton 2 offering of AWS. This article has tests for CPU coherency where I am trying to repeat.

There is C++ code repo in GitHub named core-latency using Nonius Micro-benchmarking.

I managed to replicate the first test without atomic instructions using the command below to compile:

After upgrading my nuxt-cli version to 2.15.3 i've notice that pages chunks size was reduced and all node_modules installed packages are now being bundled into the app.js which is getting huge now.

Here below you can see my nuxt.config.js

I am testing out the use of "@casl/ability" for RBAC in express. According to CASL docs, I should be able to define conditional restrictions on attributes against actions upon subjects and in the cases where classes are not used, a subject helper function can be used to wrap DTOs.

reference: https://casl.js.org/v4/en/guide/subject-type-detection

I tried the very simple example below which should have worked. But it does not. Am I understanding it incorrectly in some ways?

I can't seem to access the nested object with the condition rule. i want a user to have access to delete an article if the article's comment has the same id as the user. these are just some made up classes to test...

here is my code:

I am using @casl/vue plugin for user permissions management in vue cli project as shown in this sample repo by casl plugin author sample(vue-blog). Here is my code
ability.js