JS Fest 2019/Autumn. Сергій Стоцький. CASL. Isomorphic Permission Management

CASL is a library that helps you integrate simple access permissions in a clear form and extend them over time. Because CASL is written in pure ES6, it can be used with any ORM, HTTP or UI framework. Helper packages let you integrate it without extra effort.


  1. CASL Isomorphic Permission Management
  2. Who am I and what I do here?
      Experience:
      ● working from dark times of IE6
      ● PHP, Ruby, Nodejs, ~Java and .NET Core
      Hobbies:
      ● chess, books
      ● articles, open source contribution
  3. CASL. Isomorphic permission management
  4. What? CASL?
  5. Why CASL? ACL
  6. Why CASL?

          <div v-if="user.role === 'admin' || post.authorId === user.id">
            <button @click="publish">Publish</button>
          </div>

  7. Why CASL?

          <div v-if="user.role === 'admin' || user.role === 'moderator' || post.authorId === user.id">
            <button @click="publish">Publish</button>
          </div>

  8. Why CASL?
  9. Why CASL?

          <div v-if="can('publish')">
            <button @click="publish">Publish</button>
          </div>

  10. Why CASL?

          <div v-if="can('publish', 'Post')">
            <button @click="publish">Publish</button>
          </div>

  11. Story telling
  12. How to CASL. What’s special in CASL?
      1. Evolve ACL as requirements evolve
      2. Declarative configuration
      3. In-memory validation and database queries
      4. MongoDB-like conditions
      5. Serializable rules
  13. How to CASL
  14. How to CASL. Permissions: admin

          can manage all

  15. How to CASL. Permissions: writer

          can create Article
          can read Article where published = true
          can read, update Article where author = me
          can delete, publish Article where author = me and published = false
          can read, update User where id = me

  16. How to CASL. Permissions: unauthenticated

          can read Article where published = true

  17. How to CASL. CASL: admin

          can('manage', 'all')

  18. How to CASL. CASL: admin

          import { AbilityBuilder } from '@casl/ability'

          const { can } = AbilityBuilder.extract()

          can('manage', 'all')

  19. How to CASL. CASL: writer

          can('create', 'Article')
          can('read', 'Article', { published: true })
          can(['read', 'update'], 'Article', { authorId: user.id })
          can(['delete', 'publish'], 'Article', { authorId: user.id, published: false })
          can(['read', 'update'], 'User', { id: user.id })

  20. How to CASL. CASL: unauthenticated

          can('read', 'Article', { published: true })

  21. How to CASL. CASL validation: seeds

          const myUser = new User({ id: 1, email: 'writer@casl.io' })
          const myDraft = new Article({ authorId: myUser.id, published: false })
          const myArticle = new Article({ authorId: myUser.id, published: true })

  22. How to CASL. CASL validation: seeds

          const anotherUser = new User({ email: 'another.writer@casl.io' })
          const anotherDraft = new Article({ ... })
          const anotherArticle = new Article({ ... })

  23. How to CASL. CASL validation: admin

          import { Ability } from '@casl/ability'
          import { rulesForAdmin } from './rules'

          const ability = new Ability(rulesForAdmin())

          ability.can('read', 'Article') // true
          ability.can('read', 'User') // true
          ability.can('read', myArticle) // true

  24. How to CASL. CASL validation: writer

          const ability = new Ability(rulesForWriter(myUser))

          ability.can('create', 'Article') // true
          ability.can('read', anotherDraft) // false
          ability.can('read', anotherArticle) // true
          ability.can('read', myDraft) // true
          ability.can('read', myArticle) // true

  25. How to CASL. CASL validation: unauthenticated

          const ability = new Ability(rulesForAnonymous())

          ability.can('read', 'Article') // true
          ability.can('read', anotherArticle) // true
          ability.can('read', anotherUser) // false
          ability.can('read', anotherDraft) // false
          ability.can('create', 'Article') // false

  26. How to CASL. CASL Demo: Vue app, Express API
  27. How to CASL. CASL Alternatives
  28. How to CASL. CASL Alternatives

      | Package       | Downloads / month | GitHub stars | Size (gzip) | Last updated  | Tree shaking | Instance validation | Attribute validation | DB queries |
      |---------------|-------------------|--------------|-------------|---------------|--------------|---------------------|----------------------|------------|
      | @casl/ability | 105k              | 1.6k         | 3.9K        | 2 weeks ago   | Yes          | Yes                 | Yes                  | Yes        |
      | acl           | 31k               | 2.3k         | 56.6K       | 2 years ago   | No           | No                  | No                   | No         |
      | accesscontrol | 44k               | 965          | 7.7K        | 10 months ago | Maybe        | No                  | Yes                  | No         |
      | connect-roles | 20k               | 704          | 5.2K        | 9 months ago  | No           | No                  | No                   | No         |
      | casbin        | 16k               | 670          | 34.6K       | 2 months ago  | Maybe        | Yes                 | Yes                  | No         |
      | cancan        | 1.7k              | 578          | 985         | 1 year ago    | No           | Yes                 | No                   | No         |

  29. THERE IS NO MAGIC HERE
  30. How to CASL. No Magic Behind!
      1. SQL joins
      2. Synchronous
      3. Specification pattern
  31. How to CASL. What else? NO ROLES IN MY ACL
  32. How to CASL. What else? Feature flags
  33. How to CASL. What else? Hardware capabilities
  34. How to CASL. What else? Business logic

          async function rulesForUser(user) {
            const { rules, can, cannot } = AbilityBuilder.extract()

            // Everyone may read posts
            can('read', 'Post')

            if (user.hasActiveSubscription()) {
              // Subscribers may update their own posts
              can('update', 'Post', { userId: user.id })
            } else {
              // Explicit deny with a reason that can be shown to the user
              cannot('update', 'Post')
                .because('Your subscription has been expired')
            }

            return rules
          }

  35. CASL Isomorphic Permission Management. Sergii Stotskyi, sergiy.stotskiy@gmail.com. ?
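
Slides 24 and 25 show that a check against a type name (`'Article'`) can return true while the same check against a concrete record returns false; the type-level answer is enough to decide whether to render a button, but the API has to decide on the loaded record. The sketch below is an added example, not code from the slides or from `@casl/ability`: it is a simplified model with equality-only conditions, and the rule field names (`actions`, `subject`, `conditions`, `inverted`) and the `authorize` helper are hypothetical.

```javascript
// Added illustration: a simplified model of CASL-style rule checks, not @casl/ability itself.
class Article { constructor(attrs) { Object.assign(this, attrs); } }
// Writer rules from slide 19 as plain, serializable data (the User rule is omitted).
function rulesForWriter(user) {
  return [
    { actions: ['create'], subject: 'Article' },
    { actions: ['read'], subject: 'Article', conditions: { published: true } },
    { actions: ['read', 'update'], subject: 'Article', conditions: { authorId: user.id } },
    { actions: ['delete', 'publish'], subject: 'Article',
      conditions: { authorId: user.id, published: false } },
  ];
}

// Equality-only subset of MongoDB-like conditions.
function matches(conditions, object) {
  return Object.entries(conditions || {}).every(([key, value]) => object[key] === value);
}

function can(rules, action, subject) {
  const isType = typeof subject === 'string';
  const type = isType ? subject : subject.constructor.name;
  // Scan from the end so that later rules override earlier ones.
  for (const rule of [...rules].reverse()) {
    const actionOk = rule.actions.includes(action) || rule.actions.includes('manage');
    const subjectOk = rule.subject === type || rule.subject === 'all';
    if (!actionOk || !subjectOk) continue;
    if (isType) {
      // No record to test: a conditional allow means "possibly", a conditional deny is skipped.
      if (rule.inverted && rule.conditions) continue;
      return !rule.inverted;
    }
    if (matches(rule.conditions, subject)) return !rule.inverted;
  }
  return false; // default deny
}

// Hypothetical server-side guard: decide on the loaded record, not on the type name.
function authorize(rules, action, record) {
  if (can(rules, action, record)) return record;
  throw Object.assign(new Error(`Forbidden: ${action}`), { status: 403 });
}

// Constructed sample: another writer's unpublished draft.
const writer = { id: 1 };
const anotherDraft = new Article({ authorId: 2, published: false });
console.log(can(rulesForWriter(writer), 'publish', 'Article'));    // type-level check
console.log(can(rulesForWriter(writer), 'publish', anotherDraft)); // instance-level check
```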
