Create a new Service with casl&Dashboard

1 - Create new service

 feathers generate service
   ? What kind of service is it? Mongoose
   ? What is the name of the service? posts
   ? Which path should the service be registered on? /posts
   ? Does the service require authentication? Yes

2. Create Validator file

inside your new service folder create new file - [YOUR_SERVICE_NAME].validators.js

const {Joi} = require('feathers-mongoose-casl');

const getJoiObject = function(withRequired){
  const required = withRequired ? 'required' : 'optional';
  return Joi.object({
    author: Joi.objectId().meta({
      type: 'ObjectId',
      ref: 'users',
      displayKey: 'email'
    })[required](),
    title: Joi.string().min(5)[required]().meta({
      dashboard: {
        label: 'Post title',
        inputProps: JSON.stringify({style: {background: 'red'}})
      }
    }),
    body: Joi.string()[required](),
    rating: Joi.number().max(5).meta({
      dashboard: {
        hideOnUpdate: true,
        hideOnCreate: true,
      }
    }),
    image: Joi.objectId().meta({
      type: 'ObjectId',
      ref: 'files',
      displayKey: 'name'
    })
  });
};

module.exports = getJoiObject;

3. Update Posts model

To connect the joi validator we use createModelFromJoi,

in this way we can validation the Mongoose models without the hassle of maintaining two schemas.

open src > models > posts.models.js

You can still use a Mongoose schema

Mongoose schema

4. Define abilities and config dashboard

open src > services > posts > posts.service.js

6. Protect posts.hooks

  • hook.authenticate This is wrapper of @feathersjs/authentication - Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS.

  • hooks.validateAbilities This is a wrapper of Casl, in this hook, we will define abilities and block client without the ability to run this request Casl will add to mongoose query object a relevant key value before making the request, and validate Abilities will remove fields from user request by id abilities

  • hooks.validateSchema This hook will use JOI to validate request data follow the scheme

  • hooks.sanitizedData This hook will remove data from response follow the user abilities

7. Commit changes

dashboard:

Now you can see the posts service inside the dashboard https://feathersjs-mongoose-casl-admin.herokuapp.com/ Anyone can read the posts title User can create/update only if he the author Only admin user can delete posts

Try to create a new posts from the dashboard

PreviousDashboardNextPosts Postman snippet

Last updated

Was this helpful?