CASL (pronounced /ˈkæsəl/, like castle) is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. It's designed to be incrementally adoptable and can easily scale between simple claim-based authorization and fully featured subject- and attribute-based authorization.
CASL does not have a concept of "a role" and this makes it very powerful! Because CASL lets you describe user abilities in your application, you can use it to: Implement feature toggles: hide an unfinished feature or show it to beta testers only. Conduct A/B testing: based on age, region, country or whatever, hide features from some users and show them to others.
Prisma authorization using the CASL permission management library. Test permissions at runtime and get accessible records using Prisma Where conditions.
CASL.js is an MIT-licensed open source project and completely free to use. However, the amount of effort needed to maintain and develop new features for the project is not sustainable without proper financial backing. You can support CASL.js development via the following methods: One-time Donations We accept donations through these channels:
Rules: You can define as many rules as you need; CASL builds an index under the hood to keep the checking logic fast, so don't worry about performance. You can define the same pair of action and subject with different conditions multiple times. For example: ... In that case, the rules for the same action/subject pair are combined by logical OR.
Restricting fields access: This is documentation for CASL v4, which is no longer actively maintained. For up-to-date documentation, see the latest version (v6). Sometimes you may need to restrict which fields a user can access. For example, let's allow only moderators to publish Article: ... Now we can check permissions on fields:
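The OR combination of rules and the per-field restriction described in the two passages above can be modelled in a few lines of plain JavaScript. This is an added example, not CASL's code or API and not taken from its documentation; the names `matches`, `isAllowed` and `rulesFor`, the rule object shape and the sample articles are all hypothetical, and conditions are assumed to be plain equality checks.

```javascript
// Simplified model of the semantics described above, NOT CASL's code or API.
// Assumptions: only positive rules, equality-only conditions, hypothetical names.

function matches(conditions, resource) {
  // A rule without conditions applies to every resource of its subject type.
  if (!conditions) return true;
  return Object.entries(conditions).every(([key, value]) => resource[key] === value);
}

function isAllowed(rules, action, subject, resource, field) {
  // Rules for the same action/subject pair are OR-ed: one matching rule is enough.
  return rules.some((rule) =>
    rule.action === action &&
    rule.subject === subject &&
    matches(rule.conditions, resource) &&
    // A rule without a field list covers every field of the subject.
    (field === undefined || !rule.fields || rule.fields.includes(field)));
}

function rulesFor(user) {
  const rules = [
    { action: 'read', subject: 'Article', conditions: { published: true } },
    { action: 'read', subject: 'Article', conditions: { authorId: user.id } },
    { action: 'update', subject: 'Article', fields: ['title', 'body'],
      conditions: { authorId: user.id } },
  ];
  // Only moderators may change the "published" field, on any article.
  if (user.isModerator) {
    rules.push({ action: 'update', subject: 'Article', fields: ['published'] });
  }
  return rules;
}

// Constructed sample data.
const author = { id: 1, isModerator: false };
const moderator = { id: 2, isModerator: true };
const ownDraft = { authorId: 1, published: false };
const foreignDraft = { authorId: 3, published: false };

console.log(isAllowed(rulesFor(author), 'read', 'Article', ownDraft));                       // true
console.log(isAllowed(rulesFor(author), 'read', 'Article', foreignDraft));                   // false
console.log(isAllowed(rulesFor(author), 'update', 'Article', ownDraft, 'published'));        // false
console.log(isAllowed(rulesFor(moderator), 'update', 'Article', foreignDraft, 'published')); // true
```

Because matching rules are OR-ed, adding another rule for an existing action/subject pair can only widen access, so each new rule deserves the same review as the first one.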