Read CASL in Aurelia app for details.
- CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access
- Aurelia is a JavaScript client framework for mobile, desktop and web leveraging simple conventions and empowering creativity. The main benefit of Aurealia is that resulting code is highly portable and testable, it's easy to read and support.
- js-data is a framework-agnostic, datastore-agnostic JavaScript ORM built for ease of use and peace of mind. Works in Node.js and in the Browser.
This blog application shows how to integrate CASL in Aurelia based application. Application uses standard aurelia cli setup with minor changes:
- all custom elements and attributes are in
src/components
folder - value converters are in
src/pipes
- bootstrap component is in
src/components/root
folder
Note: refactored to use CASL 2.0. See @casl/ability and @casl/aurelia for details.
Clone this repository and run:
npm ci
npm start
Now you can open http://localhost:8080 to see application.
js-data
mappers configuration can be found atsrc/config/store
Session
is fetched for each page reload atsrc/config/session
To see application without CASL integration, checkout to without-casl
branch.
All abilities are defined in src/config/abilities
and updated each time a new Session
is created, found or destroyed (i.e., when user log in or log out).
Application uses can
value convertor with if
binding:
<li if.bind="'Post' | can: 'create'">
<a route-href="route: newPost">Add Post</a>
</li>
In this case if user has ability to create
posts, he will see the button, otherwise button will be removed.
For more information about value convertors please refer to Aurealia documentation