Gotchas

Here is the place for common mistakes for defined rules and unexpected behavior.

General

Mind the order of your rules

The following example results in an error, because all rules will be considered in the given order. Rules overwrite/specify the rules before.

const ability = defineAbility((can, cannot) => {
  can("read", "users");
  cannot("read", "users");
});

Fields

Conditional subset

const user = { id: 1 };

const ability = defineAbility((can, cannot) => {
  can("read", "users", ["id", "name", "email"]);
  can("read", "users", ["password"], { id: user.id });
});

What do you expect?

Do you think it results in { $select: ["id", "name", "email", "password"] } for the current user and { $select: ["id", "name", "email"] } for all other users?

Actual behavior:

current user: { $select: [] }
all other users: { $select: ["id", "name", "email", "password"] }

correct definition:

With the following configuration you only get ["id", "name", "email"] for all other users and the complete user item for the current user.

const user = { id: 1 };

const ability = defineAbility((can, cannot) => {
  can("read", "users", ["id", "name", "email"], { id: { $ne: 1 } });
  can("read", "users", { id: user.id });
});

Client side

# Gotchas

# General

# Mind the order of your rules

# Fields

# Conditional subset

# What do you expect?

# Actual behavior:

# correct definition: