-
Notifications
You must be signed in to change notification settings - Fork 1
/
ability.factory.ts
41 lines (34 loc) · 1.05 KB
/
ability.factory.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import {
Ability,
AbilityBuilder,
AbilityClass,
ExtractSubjectType,
InferSubjects,
} from '@casl/ability';
import { Injectable } from '@nestjs/common';
import { File } from 'src/file-upload/entities/file.entity';
import { User } from 'src/users/entities/user.entity';
import { Action } from './action.enum';
export type Subjects = InferSubjects<typeof User | typeof File> | 'all';
export type AppAbility = Ability<[Action, Subjects]>;
@Injectable()
export class AbilityFactory {
defineUser(user: User) {
const { can, cannot, build } = new AbilityBuilder(
Ability as AbilityClass<AppAbility>,
);
if (user.isAdmin) {
can(Action.Manage, 'all');
} else {
can(Action.Read, 'all');
can(Action.Update, User, { id: user.id });
can(Action.Delete, User, { id: user.id });
can(Action.Update, File, { userId: user.id });
can(Action.Delete, File, { userId: user.id });
}
return build({
detectSubjectType: (subject) =>
subject.constructor as ExtractSubjectType<Subjects>,
});
}
}