Create a new Service with casl&Dashboard
1 - Create new service
feathers generate service
? What kind of service is it? Mongoose
? What is the name of the service? posts
? Which path should the service be registered on? /posts
? Does the service require authentication? Yes
2. Create Validator file
inside your new service folder create new file - [YOUR_SERVICE_NAME].validators.js
const {Joi} = require('feathers-mongoose-casl');
const getJoiObject = function(withRequired){
const required = withRequired ? 'required' : 'optional';
return Joi.object({
author: Joi.objectId().meta({
type: 'ObjectId',
ref: 'users',
displayKey: 'email'
})[required](),
title: Joi.string().min(5)[required]().meta({
dashboard: {
label: 'Post title',
inputProps: JSON.stringify({style: {background: 'red'}})
}
}),
body: Joi.string()[required](),
rating: Joi.number().max(5).meta({
dashboard: {
hideOnUpdate: true,
hideOnCreate: true,
}
}),
image: Joi.objectId().meta({
type: 'ObjectId',
ref: 'files',
displayKey: 'name'
})
});
};
module.exports = getJoiObject;
3. Update Posts model
To connect the joi validator we use createModelFromJoi,
in this way we can validation the Mongoose models without the hassle of maintaining two schemas.
open src > models > posts.models.js
// posts-model.js - A mongoose model
//
// See http://mongoosejs.com/docs/models.html
// for more of what you can do here.
const validator = require('./posts.validators.js');
const {createModelFromJoi} = require('feathers-mongoose-casl');
module.exports = function (app) {
return createModelFromJoi(app, 'posts', validator);
};
You can still use a Mongoose schema
Mongoose schema4. Define abilities and config dashboard
open src > services > posts > posts.service.js
const options = {
...,
serviceRules: [
{'actions': ['read'], 'anonymousUser': true, fields: ['title']},
{'actions': ['create','read','update'], 'conditions': { 'author': '{{ user._id }}' }},
{ 'actions': ['manage'], 'roles': ['admin']},
],
dashboardConfig: {
sideBarIconName: 'table',
i18n: {
'heIL': {
serviceName: 'פוסטים',
serviceNameMany: 'פוסטים',
serviceNameOne: 'פוסט',
fields: {
'_id': 'מזהה',
'updatedAt': 'תאריך עדכון',
'createdAt': 'נוצר בתאריך',
}
}
}
}
}
6. Protect posts.hooks
const {hooks} = require('feathers-mongoose-casl');
const {authenticate, validateAbilities, validateSchema, sanitizedData, } = hooks;
module.exports = {
before: {
all: [authenticate, validateAbilities],
find: [],
get: [],
create: [validateSchema],
update: [validateSchema],
patch: [validateSchema],
remove: []
},
after: {
all: [sanitizedData],
find: [],
get: [],
create: [],
update: [],
patch: [],
remove: []
},
error: {
all: [],
find: [],
get: [],
create: [],
update: [],
patch: [],
remove: []
}
};
hook.authenticate This is wrapper of @feathersjs/authentication - Feathers local, token, and OAuth authentication over REST and Websockets using JSON Web Tokens (JWT) with PassportJS.
hooks.validateAbilities This is a wrapper of Casl, in this hook, we will define abilities and block client without the ability to run this request Casl will add to mongoose query object a relevant key value before making the request, and validate Abilities will remove fields from user request by id abilities
hooks.validateSchema This hook will use JOI to validate request data follow the scheme
hooks.sanitizedData This hook will remove data from response follow the user abilities
7. Commit changes
git add .
git commit -m "Added joi validtors to posts serives"
dashboard:
Now you can see the posts service inside the dashboard
https://feathersjs-mongoose-casl-admin.herokuapp.com/
Anyone can read the posts title
User can create/update only if he the author
Only admin user can delete posts
Try to create a new posts from the dashboard
Last updated
Was this helpful?