npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ember-cli-can

v1.0.1

Published

Simple authorisation addon for Ember apps

Downloads

8

Readme

ember-cli-can

Simple authorisation addon for Ember.

NOTE: This addon is an fork of ember-cli-can with some improvements and uptodate.

npm version Ember Observer Score Build Status

Breaking Changes

  • v0.6.0 - support for unit testing abilities added - run ember g ember-cli-can
  • v0.5.0 - support for Ember 1.13+ using new Ember.Helper, removed injections
  • v0.4.0 - stopped singularizing ability names to work with pods
  • v0.3.0 - removed if-can helper, uses sub-expression instead

See UPGRADING for more details.

Quick Example

You want to conditionally allow creating a new blog post:

{{#if (can "write post")}}
  <button type="button" onclick={{action "new"}}>Write Post</button>
{{else}}
  You can't write a new post
{{/if}}

We define an ability for the Post resource in /app/abilities/post.js:

import Ember from 'ember';
import { Ability } from 'ember-cli-can';

export default Ability.extend({
  canWrite: Ember.computed('user.isAdmin', function() {
    return this.get('user.isAdmin');
  })
});

We can also re-use the same ability to check if a user has access to a route:

import Ember from 'ember';
import { CanMixin } from 'ember-cli-can';

export default Ember.Route.extend(CanMixin, {
  beforeModel() {
    let result = this._super(...arguments);

    if (!this.can('write post')) {
      return this.transitionTo('index');
    }

    return result;
  }
});

Installation

Install this addon via ember-cli:

ember install ember-cli-can

Compatibility

| Ember Version | Ember Can Release | | ----------------- | --------------------- | | 1.9.x | 0.2 | | 1.10 through 1.12 | 0.4 | | 1.13 and beyond | 0.5+ |

Abilities

An ability class protects an individual model / resource which is available in the ability as model.

The ability checks themselves are simply standard Ember objects with computed properties:

import Ember from 'ember';
import { Ability } from 'ember-cli-can';

export default Ability.extend({
  // only admins can write a post
  canWrite: Ember.computed('user.isAdmin', function() {
    return this.get('user.isAdmin');
  }),

  // only the person who wrote a post can edit it
  canEdit: Ember.computed('user.id', 'model.author', function() {
    return this.get('user.id') === this.get('model.author');
  })
});

Handlebars Helpers

The can helper is meant to be used with {{if}} and {{unless}} to protect a block.

The first parameter is a string which is used to find the ability class call the appropriate property (see Looking up abilities).

The second parameter is an optional model object which will be given to the ability to check permissions.

As activities are standard Ember objects and computed properties if anything changes then the view will automatically update accordingly.

{{#if (can "edit post" post)}}
  ...
{{else}}
  ...
{{/if}}

As it's a sub-expression, you can use it anywhere a helper can be used. For example to give a div a class based on an ability you can use an inline if:

<div class="{{if (can 'edit post' post) 'is-editable'}}">

</div>

Additional attributes

If you need more than a single resource in an ability, you can pass them additional attributes.

You can do this in the helpers, for example this will set the model to project as usual, but also member as a bound property.

{{#if (can "remove member from project" project member=member)}}
  ...
{{/if}}

Similarly in routes you can pass additional attributes after or instead of the resource:

this.can('edit post', post, { author: bob });
this.can('write post', { project: project });

These will set author and project on the ability respectively so you can use them in the checks.

Looking up abilities

In the example above we said {{#if (can "write post")}}, how do we find the ability class & know which property to use for that?

First we chop off the last word as the resource type which is looked up via the container.

The ability file can either be looked up in the top level /app/abilities directory, or via pod structure.

Then for the ability name we remove some basic stopwords (of, for in) at the end, prepend with "can" and camelCase it all.

For example:

| String | property | resource | pod | |-----------------------------|--------------------|-------------------------|--------------------------------| | write post | canWrite | /abilities/post.js | app/pods/post/ability.js | | manage members in projects | canManageMembers | /abilities/projects.js| app/pods/projects/ability.js | | view profile for user | canViewProfile | /abilities/user.js | app/pods/user/ability.js |

Current stopwords which are ignored are:

  • for
  • from
  • in
  • of
  • to
  • on

Custom Ability Lookup

The default lookup is a bit "clever"/"cute" for some people's tastes, so you can override this if you choose.

Simply extend the default CanService in app/services/can.js and override parse.

parse takes the ability string eg "manage members in projects" and should return an object with propertyName and abilityName.

For example, to use the format "person.canEdit" instead of the default "edit person" you could do the following:

// app/services/can.js
import { CanService } from 'ember-cli-can';

export default CanService.extend({
  parse(str) {
    const [abilityName, propertyName] = str.split('.');
    return {
      propertyName,
      abilityName
    }
  }
});

Injecting the user

How does the ability know who's logged in? This depends on how you implement it in your app!

If you're using an Ember.Service as your session, you can just inject it into the ability:

// app/abilities/foo.js
import Ember from 'ember';
import { Ability } from 'ember-cli-can';

export default Ability.extend({
  session: Ember.inject.service()
});

If you're using ember-simple-auth, you'll probably want to inject the simple-auth-session:main session into the ability classes.

To do this, add an initializer like so:

// app/initializers/inject-session-into-abilities.js
export default {
  name: 'inject-session-into-abilities',
  initialize(app) {
    app.inject('ability', 'session', 'simple-auth-session:main');
  }
};

The ability classes will now have access to session which can then be used to check if the user is logged in etc...

Controllers, components & computed properties

In a controller or component, you may want to expose abilities as computed properties so that you can bind to them in your templates.

To do that there's a helper to lookup the ability for a resource, which you can then alias properties:

import { computed } from 'ember-cli-can';
import Ember from 'ember';

export default Ember.Controller.extend({
  post: null, // set by the router

  // looks up the "post" ability and sets the model as the controller's "post" property
  ability: computed.ability('post'),

  // alias properties to the ability for easier access
  canEditPost: Ember.computed.reads('ability.canEdit')
});

computed.ability assumes that the property for the resource is the same as the ability resource. If that's not the case, include it as the second parameter.

import { computed } from 'ember-cli-can';
import Ember from 'ember';

export default Ember.Controller.extend({
  // looks up the "post" ability and sets the model as the controller's "content" property
  ability: computed.ability('post', 'content')
});

Testing

Make sure that you've either ember install-ed this addon, or run the addon blueprint via ember g ember-cli-can. This is an important step that teaches the test resolver how to resolve abilities from the file structure.

Unit testing abilities

An ability unit test will be created each time you generate a new ability via ember g ability <name>. The package currently supports generating QUnit and Mocha style tests.

Unit testing in your app

To unit test modules that use the can helper, you'll need to explicitly add needs for the ability and helper file like this: needs: ['helper:can', 'ability:foo']

Integration testing in your app

For integration testing components, you should not need to specify anything explicitly. The helper and your abilities should be available to your components automatically.

Installation

  • git clone <repository-url> this repository
  • cd ember-cli-can
  • npm install

Running

Running Tests

  • npm test (Runs ember try:each to test your addon against multiple Ember versions)
  • ember test
  • ember test --server

Building

  • ember build

For more information on using ember-cli, visit https://ember-cli.com/.