casl

https://casl.js.org/v5/en/guide/intro

What is CASL?

CASL (pronounced /ˈkæsəl/, like castle) is an isomorphic authorization JavaScript library which restricts what resources a given client is allowed to access. It's designed to be incrementally adoptable and can easily scale between a simple claim based and fully featured subject and attribute based authorization. It makes it easy to manage and share permissions across UI components, API services, and database queries.

As a permission-checking library for JS, it defines four main elements internally:

  • User Action

    Describes what user can actually do in the app. User action is a word (usually a verb) which depends on the business logic (e.g., prolong, read). Very often it will be a list of words from CRUD - create, read, update and delete.

  • Subject

    The subject or subject type which you want to check user action on. Usually this is a business (or domain) entity (e.g., Subscription, Article, User). The relation between subject and subject type is the same as relation between an object instance and its class.

  • Fields

    Can be used to restrict user action only to matched subject's fields (e.g., to allow moderator to update status field of an Article and disallow to update description or title)

  • Conditions

    Criteria which restricts user action only to matched subjects. This is useful when you need to give a permission on specific subjects (e.g., to allow user to manage own Article)

manage and all are special keywords in CASL. manage represents any action and all represents any subject.

With that rough understanding, the customization that 构播云 currently needs looks roughly like this:

  • Patrol admin (巡管) -> manage all
  • agency admin -> manage(agency, corp, room, assistant)
  • corp admin -> manage(corp, room, assistant)
  • room admin -> manage(room, assistant)
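
The role list above, written out as an added example (not code from CASL or from this project). The rule objects use CASL's raw rule shape `{ action, subject }`; the role keys such as `patrol_admin` are assumed names, and `can` here is a simplified stand-in that models only the `manage` / `all` keyword semantics described above, with no fields or conditions.

```javascript
// Role -> rules, one entry per line of the role list above.
// Role keys are hypothetical names chosen for this example.
const ROLE_RULES = {
  patrol_admin: [{ action: 'manage', subject: 'all' }],
  agency_admin: [{ action: 'manage', subject: ['agency', 'corp', 'room', 'assistant'] }],
  corp_admin: [{ action: 'manage', subject: ['corp', 'room', 'assistant'] }],
  room_admin: [{ action: 'manage', subject: ['room', 'assistant'] }],
};

const SUBJECTS = ['agency', 'corp', 'room', 'assistant'];
const toArray = (v) => (Array.isArray(v) ? v : [v]);

// Unknown roles get an empty rule list, so every check is denied by default.
// The own-property test keeps names like "constructor" or "__proto__"
// from resolving to something inherited from Object.prototype.
function rulesFor(role) {
  return Object.prototype.hasOwnProperty.call(ROLE_RULES, role) ? ROLE_RULES[role] : [];
}

// A rule matches when its action is `manage` (any action) or the requested
// action, and its subject is `all` (any subject) or the requested subject.
function can(role, action, subject) {
  return rulesFor(role).some((rule) => {
    const actionOk = toArray(rule.action).some((a) => a === 'manage' || a === action);
    const subjectOk = toArray(rule.subject).some((s) => s === 'all' || s === subject);
    return actionOk && subjectOk;
  });
}

// Which subject types a role can fully manage; useful as a regression check
// that a lower role never gains a subject reserved for a higher one.
function subjectsManagedBy(role) {
  return SUBJECTS.filter((s) => can(role, 'manage', s));
}

for (const role of Object.keys(ROLE_RULES)) {
  console.log(role, '->', subjectsManagedBy(role).join(', '));
}
```
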