Merge pull request #1687 from stalniy/patch-1

kamilmysliwiec · web-flow · commit 554bbc4585eb · 2021-01-26T08:16:07.000+01:00
docs(authorization): updates casl example in accordance to the changes in v5
diff --git a/content/security/authorization.md b/content/security/authorization.md
@@ -250,16 +250,21 @@ export class CaslAbilityFactory {
     can(Action.Update, Article, { authorId: user.id });
     cannot(Action.Delete, Article, { isPublished: true });
 
-    return build();
+    return build({
+      // Read https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types for details
+      detectSubjectType: item => item.constructor as ExtractSubjectType<Subjects>
+    });
   }
 }
 ```
 
 > warning **Notice** `all` is a special keyword in CASL that represents "any subject".
 
-> info **Hint** `Ability`, `AbilityBuilder`, and `AbilityClass` classes are exported from the `@casl/ability` package.
+> info **Hint** `Ability`, `AbilityBuilder`, `AbilityClass`, and `ExtractSubjectType` classes are exported from the `@casl/ability` package.
 
-In the example above, we created the `Ability` instance using the `AbilityBuilder` class. As you probably guessed, `can` and `cannot` accept the same arguments but has different meanings, `can` allows to do an action on the specified subject and `cannot` forbids. Both may accept up to 4 arguments. To learn more about these functions, visit the official [CASL documentation](https://casl.js.org/v4/en/guide/intro).
+> info **Hint** `detectSubjectType` option let CASL understand how to get subject type out of an object. For more information read  [CASL documentation](https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types) for details.
+
+In the example above, we created the `Ability` instance using the `AbilityBuilder` class. As you probably guessed, `can` and `cannot` accept the same arguments but has different meanings, `can` allows to do an action on the specified subject and `cannot` forbids. Both may accept up to 4 arguments. To learn more about these functions, visit the official [CASL documentation](https://casl.js.org/v5/en/guide/intro).
 
 Lastly, make sure to add the `CaslAbilityFactory` to the `providers` and `exports` arrays in the `CaslModule` module definition:
 
@@ -289,7 +294,7 @@ if (ability.can(Action.Read, 'all')) {
 }
 ```
 
-> info **Hint** Learn more about the `Ability` class in the official [CASL documentation](https://casl.js.org/v4/en/guide/intro).
+> info **Hint** Learn more about the `Ability` class in the official [CASL documentation](https://casl.js.org/v5/en/guide/intro).
 
 For example, let's say we have a user who is not an admin. In this case, the user should be able to read articles, but creating new ones or removing the existing articles should be prohibited.
 
