This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

v4.0.0

@JaneJeon JaneJeon released this 04 Jan 07:04
· 260 commits to master since this release
1179147

After literally a year, we now have v4! 🎉

This release features a MASSIVE internal overhaul, leading to more consistency across the board, support for related queries, AND a guarantee that it will work on arbitrarily complex queries!

BTW, if you’re scared by the changelog below, just note that when I dogfooded this v4 release with my own lynx application, I literally didn’t need to change ANYTHING on the objection-authorize part (I did need to update the syntax - a 2-liner - as I upgraded from @casl/ability v3 -> v5)! Seriously, for most people, this should require ZERO lines of code changes!

Breaking changes:

  • role-acl support dropped as it is now archived (RIP). This also means the role-acl specific inputs have been dropped (yay)
  • removed support for casl@3 for the same reasons (that means casl@4 is now simply casl)
  • throws on invalid inputs instead of silently stripping them
  • authorizeRead() must be explicitly called on the model instance to filter the model’s fields according to the ACL. This change was made for the sake of simplifying internals and making certain behaviours of the library more apparent.

Improvements:

  • you can now pass in array inputs!
  • (for CASL) no need to initialize objection models to pre-populate fields from the DB!
  • thanks to the move to Objection’s static hooks, this library now covers arbitrarily complex queries without edge cases!
  • support for nested fields on inputs/models (previously you could not filter on fields that needed dot notation to access e.g. foo.bar). This means this library now covers arbitrarily complex models, ACLs, and query objects!
  • no more deprecation notices from Objection :)
  • support for "update" queries (i.e. it won't break if you try to pass in the whole object instead of just the diff)!
  • ability to fetch resource context dynamically from the database! This means you no longer need to first fetch the resource, and then call obj.$query()!!
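
To make the "throws on invalid inputs instead of silently stripping them" and nested-field (foo.bar) items concrete, here is an added sketch that is not objection-authorize's own code: a simplified model of the two input policies over a dot-notation allow-list. Every name in it (flattenPaths, isAllowed, stripDisallowed, assertAllowed, ALLOWED, INPUT) is hypothetical and the sample data is constructed.

```javascript
// Simplified model of strip-vs-throw input handling; NOT the library's implementation.
// All function and constant names below are hypothetical, chosen for this illustration.
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const join = (prefix, key) => (prefix ? `${prefix}.${key}` : key);

// Collect the dot-notation path of every leaf: {foo: {bar: 1}} -> ['foo.bar'].
function flattenPaths(obj, prefix = '') {
  return Object.entries(obj).flatMap(([key, value]) =>
    isPlainObject(value) && Object.keys(value).length > 0
      ? flattenPaths(value, join(prefix, key))
      : [join(prefix, key)]);
}

// A path is permitted if it, or any of its parent paths, is in the allow-list.
function isAllowed(path, allowed) {
  const parts = path.split('.');
  return parts.some((_, i) => allowed.has(parts.slice(0, i + 1).join('.')));
}

// "Silently strip": drop what the caller may not write and carry on.
function stripDisallowed(input, allowed, prefix = '') {
  const out = {};
  for (const [key, value] of Object.entries(input)) {
    const path = join(prefix, key);
    if (isAllowed(path, allowed)) {
      out[key] = value;
    } else if (isPlainObject(value)) {
      const nested = stripDisallowed(value, allowed, path);
      if (Object.keys(nested).length > 0) out[key] = nested;
    }
  }
  return out;
}

// "Throw": reject the whole input and name the offending paths, so an attempt
// to set a field such as `role` shows up in error handling and logs.
function assertAllowed(input, allowed) {
  const denied = flattenPaths(input).filter((p) => !isAllowed(p, allowed));
  if (denied.length > 0) {
    const err = new Error(`fields not permitted: ${denied.join(', ')}`);
    err.denied = denied;
    throw err;
  }
  return input;
}

// Constructed sample: the caller may write `title` and `profile.bio` only.
const ALLOWED = new Set(['title', 'profile.bio']);
const INPUT = { title: 'hi', role: 'admin', profile: { bio: 'x', verified: true } };
```

With stripping, the request succeeds and the attempted `role` and `profile.verified` writes leave no trace; with throwing, the same request fails and the error lists both paths.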

Internal changes:

  • move to static hooks
  • drastically increased test coverage and cleaner tests
  • ...which is enabled by the MASSIVE overhaul of the testing architecture. For starters, the tests are now wrapped in a transaction, so after every test, that transaction will be rolled back (meaning the database is exactly as it was before the test ran). This allows pristine database state, which allows deterministic (and singular) seeding of test fixtures!
  • this also allows for COMPLETE cleanup of the database connector after tests, so now jest will not have to “kill” the tests after it’s done; rather, knex will politely clean up after itself after the tests are done!
  • re-implementation and cleanup of ACL adapter classes to make passing context much more intuitive
  • we’re now testing against Postgres instead of SQLite (it’s okay, the pg db is still mmap’d) since SQLite doesn’t fully support JSON (and just “serializes” it into a string, which looks like [object Object], which is just so completely fucking stupid I cannot comprehend just what kind of meth the devs must’ve been on to make that decision to not even at least fully serialize the JSON instead of just half-assing it)