
How to allow more users to edit an article with casl react


I'm using CASL React to set up authorization in my JavaScript project.

It is nice when I have to ask, if a user has the access to edit an article because he is the author.

But when I have more than one author, how can I check that the current user may edit this article?

<Can I='edit' a={{ editor_ids: article.editor_ids, type: 'Article' }}

I do not understand how to check that the current user id is in the editor_ids in the ability.

can('edit', 'Article', { editor_ids: ....something here for currentUser.id .... })

Solution

  • You can find details about this in "Supported operators" and in "Common conditions".

    In your particular example:

    1. Define ability:

      import { defineAbility } from '@casl/ability'
      
      const options = { 
        // https://casl.js.org/v4/en/guide/subject-type-detection
        detectSubjectType: /* logic to detect subject type */ 
      }
      export const createAbilityFor = (currentUser) => defineAbility(options, (can) => {
        can('edit', 'Article', { editor_ids: currentUser.id }) // can edit article if user.id is in editor_ids
      })
      
    2. Check permissions:

      // createAbilityFor is the function from the previous example
      
      const currentUser = { id: 1 }
      const ability = createAbilityFor(currentUser);
      
      ability.can('edit', { type: 'Article', editor_ids: [1, 2, 3] }) // true
      ability.can('edit', { type: 'Article', editor_ids: [3, 4, 5] }) // false
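
The matching rule the answer relies on (a scalar condition matches an array field that contains it), written out as an added example. This is not CASL's code and not part of the original answer: `fieldMatches`, `matchesConditions`, `buildRulesFor`, `can` and the rule shape are hypothetical stand-ins, and the sample articles are constructed. It also covers the cases that should be denied: ids stored as strings, a missing `editor_ids` field, and a different subject type.

```javascript
// Added illustration: a simplified stand-in for the matching rule, NOT CASL's implementation.
// A scalar condition matches a field that equals it, or an array field that contains it.
function fieldMatches(fieldValue, expected) {
  if (Array.isArray(fieldValue)) {
    return fieldValue.some((item) => item === expected); // strict: 1 !== '1'
  }
  return fieldValue === expected;
}

// Hypothetical helper: every key in `conditions` must be present and match (deny by default).
function matchesConditions(subject, conditions) {
  if (subject === null || typeof subject !== 'object') return false;
  return Object.keys(conditions).every((key) =>
    Object.prototype.hasOwnProperty.call(subject, key) &&
    fieldMatches(subject[key], conditions[key]));
}

// Hypothetical rule shape: { action, subjectType, conditions }.
function buildRulesFor(currentUser) {
  return [{ action: 'edit', subjectType: 'Article', conditions: { editor_ids: currentUser.id } }];
}

function can(rules, action, subject) {
  return rules.some((rule) =>
    rule.action === action &&
    subject != null && rule.subjectType === subject.type &&
    matchesConditions(subject, rule.conditions));
}

// Constructed sample data.
const rules = buildRulesFor({ id: 1 });
const samples = {
  listed: { type: 'Article', editor_ids: [1, 2, 3] },
  notListed: { type: 'Article', editor_ids: [3, 4, 5] },
  stringIds: { type: 'Article', editor_ids: ['1', '2'] }, // ids serialized as strings
  noEditors: { type: 'Article' },                         // field missing
  wrongType: { type: 'Comment', editor_ids: [1] },
};

function evaluateSamples() {
  const result = {};
  for (const [name, subject] of Object.entries(samples)) {
    result[name] = can(rules, 'edit', subject);
  }
  return result;
}

console.log(evaluateSamples());
```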