New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible future of cancan #28
Comments
Could you provide a full example? From here it's not clear how is it simpler.
This is interesting. Do you have any examples?
This is probably too much. The whole point of the package is to give yes/no answers and have a simple API. I'm afraid this will make it complex. Do you have a real use case, where cancan failed?
Same as above. Since cancan is abstract, I don't see the point of making a middleware for a specific project. Feel free to release it as an individual module though.
Would also like to see real use cases, where this is useful.
Always welcome.
Why?
It doesn't use any Node.js-specific libraries, what makes it not usable in a browser?
Again, always happy to accept documentation improvements.
I think all of them will share the same "cancan code" and will just be demos on how to set up Express or other frameworks.
Good thinking! Let's elaborate more on these points and see what can be done. |
I'd suggest you to look at https://github.com/CanCanCommunity/cancancan#getting-started you will find detailed description of all points. I'd like to create a package which will have the same functionality but in JavaScript, the starting point is MongoDB adapter. I know that you want to keep code short and simple but I want to make it featured, as ACL framework, the same as it is in Ruby world. Answers for each question:
const { can } = new RuleBuilder()
const Ability = require('cancan')
can('read', Post)
const ability = new Ability(can.rules)
// or
const rules = await Permission.find()
const ability = new Ability(rules)
// or
const response = await http.get('http://some.api.com/session')
const ability = new Ability(response.data.rules) Basically you can work with rule sources (datasources) much easier. Hope that all clear and let me know if you have other questions! Looking forward to successful collaboration :) |
About browser build: |
I don't think I want to do any of these (except documentation and test improvements), because they would make this module a monster and I like how tiny and focused it is now. If a project requires such a complex ACL, there's a good chance it needs a custom solution. |
I see. Thanks for your time. The project won't be monster you will see this a bit later ;) |
Thanks for putting all these suggestions too. Too bad that it's not a good fit, in my opinion. Good luck with your project! |
Please check https://github.com/stalniy/casl in case if you are interested to see what I came up with |
I'd like to suggest possible future of cancan:
ability.can('read', Post)
instead ofcan(user, 'read', Post)
)Post.accessibleBy(ability)
, whereability
is a configured instance ofAbility
class which in this library is just calledCanCan
RuleBuilder
andAbility
this will allow to build context dependent DSLmocha
orjest
for testing)Some of these I did in past, so instead of creating one more cancan project suggest to merge some of my ideas into yours :)
So, @vadimdemedes what do you think?
The text was updated successfully, but these errors were encountered: