fix(builder): makes AbilityBuilder bound methods define as arrow functions

Fixes #736

Author: stalniy

packages/casl-ability/spec/types/AbilityBuilder.spec.ts

@@ -1,43 +1,79 @@
 import { expectTypeOf } from 'expect-type'
 import {
   AbilityBuilder,
-  AbilityClass,
-  PureAbility,
-  SubjectType,
-  MongoQuery,
-  AbilityTuple,
-  MongoAbility,
-  createMongoAbility
+  AbilityClass, AbilityTuple, createMongoAbility, MongoAbility, PureAbility
 } from '../../src'
 
 describe('AbilityBuilder types', () => {
-  type Method<T extends any[]> = (...args: T) => any
-
   it('infers types from `PureAbility` default generics', () => {
     const builder = new AbilityBuilder<PureAbility<AbilityTuple>>(PureAbility)
-    type Can = typeof builder.can
 
-    expectTypeOf<Method<[string, SubjectType]>>().toMatchTypeOf<Can>()
-    expectTypeOf<Method<[string[], SubjectType[]]>>().toMatchTypeOf<Can>()
-    expectTypeOf<Method<[string, SubjectType, unknown]>>().toMatchTypeOf<Can>()
-    expectTypeOf<[string, SubjectType, string | string[]]>().toMatchTypeOf<Parameters<Can>>()
-    expectTypeOf<[string, SubjectType, string | string[], unknown]>()
-      .toMatchTypeOf<Parameters<Can>>()
-    expectTypeOf<[string, SubjectType, {}]>().not.toMatchTypeOf<Parameters<Can>>()
-    expectTypeOf<[string, SubjectType, string]>().not.toEqualTypeOf<Parameters<Can>>()
-    expectTypeOf<[string]>().not.toEqualTypeOf<Parameters<Can>>()
+    builder.can('read', 'Subject')
+    builder.can('read', class {})
+    // @ts-expect-error only `string | class` can be a subject type
+    builder.can('read', {})
+
+    builder.can(['read', 'update'], ['Subject1', 'Subject2'])
+    builder.can('update', ['Subject1', 'Subject2'])
+    builder.can(['read', 'update'], 'Subject')
+    // @ts-expect-error only `string | string[]` can be used as action
+    builder.can(1, 'Subject')
+
+    builder.can('read', 'Subject', {})
+    builder.can('read', 'Subject', { title: 'new' })
+    builder.can('read', 'Subject', { title: 'new2', anyOtherProperty: true })
+    builder.can('read', 'Subject', 1)
+    builder.can('read', 'Subject', () => {})
+    builder.can('read', 'Subject', 'field1')
+    builder.can('read', 'Subject', 'field1', { condition: true })
+    builder.can('read', 'Subject', ['field1', 'field2'])
+    builder.can('read', 'Subject', ['field1', 'field2'], () => {})
+    // @ts-expect-error expects 3rd parameter to fields -> `string | string[]`
+    builder.can('read', 'Subject', {}, () => {})
   })
 
   it('infers types from `createMongoAbility` default generics', () => {
     const builder = new AbilityBuilder(createMongoAbility)
-    type Can = typeof builder.can
 
-    expectTypeOf<Method<[string, SubjectType]>>().toMatchTypeOf<Can>()
-    expectTypeOf<Method<[string[], SubjectType[]]>>().toMatchTypeOf<Can>()
-    expectTypeOf<Method<[string, SubjectType, MongoQuery]>>().toMatchTypeOf<Can>()
-    expectTypeOf<[string, SubjectType, string | string[]]>().toMatchTypeOf<Parameters<Can>>()
-    expectTypeOf<[string, SubjectType, string | string[], MongoQuery]>()
-      .toMatchTypeOf<Parameters<Can>>()
+    builder.can('read', 'Subject')
+    builder.can('read', class {})
+    // @ts-expect-error only `string | class` can be a subject type
+    builder.can('read', {})
+
+    builder.can(['read', 'update'], ['Subject1', 'Subject2'])
+    builder.can('update', ['Subject1', 'Subject2'])
+    builder.can(['read', 'update'], 'Subject')
+    // @ts-expect-error only `string | string[]` can be used as action
+    builder.can(1, 'Subject')
+
+    builder.can('read', 'Subject', {})
+    builder.can('read', 'Subject', {
+      title: {
+        unknownOperator$: true, // TODO: change types to error this
+      }
+    })
+    builder.can('read', 'Subject', {
+      published: {
+        $eq: true
+      }
+    })
+    // @ts-expect-error conditions is expected to be a MongoQuery
+    builder.can('read', 'Subject', () => {})
+    // @ts-expect-error conditions is expected to be a MongoQuery
+    builder.can('read', 'Subject', 1)
+
+    builder.can('read', 'Subject', 'field')
+    builder.can('read', 'Subject', 'field', {
+      published: {
+        $eq: true
+      }
+    })
+    builder.can('read', 'Subject', ['field1', 'field2'], {
+      published: {
+        $eq: true
+      }
+    })
+    builder.can('read', 'Subject', ['field1', 'field2'])
   })
 
   it('infers single action argument type from ClaimAbility', () => {
@@ -95,6 +131,32 @@ describe('AbilityBuilder types', () => {
     })
   })
 
+  describe('action and subject pairs restrictions', () => {
+    type Post = { id: number, title: string, kind: 'Post' }
+    type User = { id: number, name: string, kind: 'User' }
+    type AppAbility = MongoAbility<
+    ['read' | 'update' | 'delete' | 'create', 'Post' | Post] |
+    ['read' | 'update', 'User' | User]
+    >
+    let builder: AbilityBuilder<AppAbility>
+
+    beforeEach(() => {
+      builder = new AbilityBuilder<AppAbility>(createMongoAbility)
+    })
+
+    it('allows to use only specified actions for specified subjects', () => {
+      builder.can('read', 'Post', { id: 1 })
+      builder.can('read', 'Post', { id: 1, title: 'test' })
+      builder.can(['update', 'delete', 'create'], 'Post', { id: 1, title: 'test' })
+      // @ts-expect-error "manage" is not in allowed list of actions for this subject
+      builder.can('manage', 'Post')
+
+      builder.can(['read', 'update'], 'User', { id: 1 })
+      // @ts-expect-error "delete" is not in allowed list of actions for this subject
+      builder.can('delete', 'User', { id: 1 })
+    })
+  })
+
   describe('class type as a subject', () => {
     class Post {
       id!: number

packages/casl-ability/src/Ability.ts

@@ -28,13 +28,13 @@ export interface MongoAbility<
   C extends MongoQuery = MongoQuery
 > extends PureAbility<A, C> {}
 
+export function createMongoAbility<
+  T extends AnyMongoAbility = MongoAbility
+>(rules?: RawRuleOf<T>[], options?: AbilityOptionsOf<T>): T;
 export function createMongoAbility<
   A extends AbilityTuple = AbilityTuple,
   C extends MongoQuery = MongoQuery
 >(rules?: RawRuleFrom<A, C>[], options?: AbilityOptions<A, C>): MongoAbility<A, C>;
-export function createMongoAbility<
-  T extends AnyMongoAbility = AnyMongoAbility
->(rules?: RawRuleOf<T>[], options?: AbilityOptionsOf<T>): T;
 export function createMongoAbility(rules: any[] = [], options = {}): AnyMongoAbility {
   return new PureAbility(rules, {
     conditionsMatcher: mongoQueryMatcher,

packages/casl-ability/src/AbilityBuilder.ts

@@ -1,16 +1,11 @@
 import { AnyMongoAbility, createMongoAbility } from './Ability';
-import { AnyAbility, AbilityOptionsOf } from './PureAbility';
-import { RawRuleOf, Generics } from './RuleIndex';
+import { ProduceGeneric } from './hkt';
+import { AbilityOptionsOf, AnyAbility } from './PureAbility';
+import { Generics, RawRuleOf } from './RuleIndex';
 import {
-  ExtractSubjectType as E,
-  AbilityTuple,
-  SubjectType,
-  TaggedInterface,
-  Normalize,
-  AnyObject,
-  AnyClass,
+  AbilityTuple, AnyClass, AnyObject, ExtractSubjectType as E, Normalize, SubjectType,
+  TaggedInterface
 } from './types';
-import { ProduceGeneric } from './hkt';
 
 function isAbilityClass(factory: AbilityFactory<any>): factory is AnyClass {
   return typeof factory.prototype.possibleRulesFor === 'function';
@@ -42,7 +37,7 @@ type InstanceOf<T extends AnyAbility, S extends SubjectType> = S extends AnyClas
 type ConditionsOf<T extends AnyAbility, I extends {}> =
   ProduceGeneric<Generics<T>['conditions'], I>;
 type ActionFrom<T extends AbilityTuple, S extends SubjectType> = T extends any
-  ? S extends T[1] ? T[0] : never
+  ? S extends Extract<T[1], SubjectType> ? T[0] : never
   : never;
 type ActionOf<T extends AnyAbility, S extends SubjectType> = ActionFrom<Generics<T>['abilities'], S>;
 type SubjectTypeOf<T extends AnyAbility> = E<Normalize<Generics<T>['abilities']>[1]>;
@@ -77,34 +72,56 @@ type BuilderCanParametersWithFields<
   : SimpleCanParams<T>;
 type Keys<T> = string & keyof T;
 
+type AddRule<T extends AnyAbility> = {
+  <
+    I extends InstanceOf<T, S>,
+    F extends string = Keys<I>,
+    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
+  >(...args: BuilderCanParametersWithFields<S, I, F | Keys<I>, T>): RuleBuilder<T>;
+  <
+    I extends InstanceOf<T, S>,
+    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
+  >(...args: BuilderCanParameters<S, I, T>): RuleBuilder<T>;
+};
+
 export class AbilityBuilder<T extends AnyAbility> {
   public rules: RawRuleOf<T>[] = [];
   private readonly _createAbility: AbilityFactory<T>;
+  public can: AddRule<T>;
+  public cannot: AddRule<T>;
+  public build: (options?: AbilityOptionsOf<T>) => T;
 
   constructor(AbilityType: AbilityFactory<T>) {
     this._createAbility = AbilityType;
-    this.can = this.can.bind(this as any);
-    this.cannot = this.cannot.bind(this as any);
-    this.build = this.build.bind(this as any);
+
+    this.can = (
+      action: string | string[],
+      subject?: SubjectType | SubjectType[],
+      conditionsOrFields?: string | string[] | Generics<T>['conditions'],
+      conditions?: Generics<T>['conditions']
+    ) => this._addRule(action, subject, conditionsOrFields, conditions, false);
+    this.cannot = (
+      action: string | string[],
+      subject?: SubjectType | SubjectType[],
+      conditionsOrFields?: string | string[] | Generics<T>['conditions'],
+      conditions?: Generics<T>['conditions']
+    ) => this._addRule(action, subject, conditionsOrFields, conditions, true);
+
+    this.build = options => (isAbilityClass(this._createAbility)
+      ? new this._createAbility(this.rules, options)
+      : this._createAbility(this.rules, options));
   }
 
-  can<
-    I extends InstanceOf<T, S>,
-    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
-  >(...args: BuilderCanParameters<S, I, T>): RuleBuilder<T>;
-  can<
-    I extends InstanceOf<T, S>,
-    F extends string = Keys<I>,
-    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
-  >(...args: BuilderCanParametersWithFields<S, I, F | Keys<I>, T>): RuleBuilder<T>;
-  can(
+  private _addRule(
     action: string | string[],
     subject?: SubjectType | SubjectType[],
     conditionsOrFields?: string | string[] | Generics<T>['conditions'],
-    conditions?: Generics<T>['conditions']
+    conditions?: Generics<T>['conditions'],
+    inverted?: boolean
   ): RuleBuilder<T> {
     const rule = { action } as RawRuleOf<T>;
 
+    if (inverted) rule.inverted = inverted;
     if (subject) {
       rule.subject = subject;
 
@@ -120,35 +137,8 @@ export class AbilityBuilder<T extends AnyAbility> {
     }
 
     this.rules.push(rule);
-
     return new RuleBuilder(rule);
   }
-
-  cannot<
-    I extends InstanceOf<T, S>,
-    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
-  >(...args: BuilderCanParameters<S, I, T>): RuleBuilder<T>;
-  cannot<
-    I extends InstanceOf<T, S>,
-    F extends string = Keys<I>,
-    S extends SubjectTypeOf<T> = SubjectTypeOf<T>
-  >(...args: BuilderCanParametersWithFields<S, I, F | Keys<I>, T>): RuleBuilder<T>;
-  cannot(
-    action: string | string[],
-    subject?: SubjectType | SubjectType[],
-    conditionsOrFields?: string | string[] | Generics<T>['conditions'],
-    conditions?: Generics<T>['conditions'],
-  ): RuleBuilder<T> {
-    const builder = (this as any).can(action, subject, conditionsOrFields, conditions);
-    builder._rule.inverted = true;
-    return builder;
-  }
-
-  build(options?: AbilityOptionsOf<T>) {
-    return isAbilityClass(this._createAbility)
-      ? new this._createAbility(this.rules, options)
-      : this._createAbility(this.rules, options);
-  }
 }
 
 type DSL<T extends AnyAbility, R> = (