CASL behavior if subject has no rules


When not providing any rule for a given subject in CASL checking an ability for this subject always returns false.

E.g.

import { Ability } from '@casl/ability';

const ability = new Ability({
  action: "read", subject: "FirstSubject",
  // no rule for SecondSubject
});

ability.can("read", "FirstSubject");    // true
ability.can("write", "FirstSubject");   // false

ability.can("read", "SecondSubject");   // false  <-- These two lines should
ability.can("write", "SecondSubject");  // false  <-- return `true`

Is it possible to change this behavior in a way that the ability returns true for subjects that do not have any rules?

In my use case I have a very large amount of subjects and new ones can be added dynamically.
It would be difficult to always having to add { action: "manage", subject: "NewSubject"} whenever a new subject is added.
I would rather like to only add rules for subjects where something is actually restricted.

Source: JavaSript – Stack Overflow

October 13, 2021
Category : News
Tags: casl | javascript | permissions | rules | subject

Leave a Reply

Your email address will not be published. Required fields are marked *

Sitemap | Terms | Privacy | Cookies | Advertising

Senior Software Developer

Creator of @LzoMedia I am a backend software developer based in London who likes beautiful code and has an adherence to standards & love's open-source.