diff --git a/content/security/authorization.md b/content/security/authorization.md index 1aae181999..a5f7f8c7d6 100644 --- a/content/security/authorization.md +++ b/content/security/authorization.md @@ -253,7 +253,7 @@ export class CaslAbilityFactory { cannot(Action.Delete, Article, { isPublished: true }); return build({ - // Read https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types for details + // Read https://casl.js.org/v6/en/guide/subject-type-detection#use-classes-as-subject-types for details detectSubjectType: (item) => item.constructor as ExtractSubjectType, }); @@ -265,9 +265,9 @@ export class CaslAbilityFactory { > info **Hint** `Ability`, `AbilityBuilder`, `AbilityClass`, and `ExtractSubjectType` classes are exported from the `@casl/ability` package. -> info **Hint** `detectSubjectType` option let CASL understand how to get subject type out of an object. For more information read [CASL documentation](https://casl.js.org/v5/en/guide/subject-type-detection#use-classes-as-subject-types) for details. +> info **Hint** `detectSubjectType` option let CASL understand how to get subject type out of an object. For more information read [CASL documentation](https://casl.js.org/v6/en/guide/subject-type-detection#use-classes-as-subject-types) for details. -In the example above, we created the `Ability` instance using the `AbilityBuilder` class. As you probably guessed, `can` and `cannot` accept the same arguments but have different meanings, `can` allows to do an action on the specified subject and `cannot` forbids. Both may accept up to 4 arguments. To learn more about these functions, visit the official [CASL documentation](https://casl.js.org/v5/en/guide/intro). +In the example above, we created the `Ability` instance using the `AbilityBuilder` class. As you probably guessed, `can` and `cannot` accept the same arguments but have different meanings, `can` allows to do an action on the specified subject and `cannot` forbids. Both may accept up to 4 arguments. To learn more about these functions, visit the official [CASL documentation](https://casl.js.org/v6/en/guide/intro). Lastly, make sure to add the `CaslAbilityFactory` to the `providers` and `exports` arrays in the `CaslModule` module definition: @@ -297,7 +297,7 @@ if (ability.can(Action.Read, 'all')) { } ``` -> info **Hint** Learn more about the `Ability` class in the official [CASL documentation](https://casl.js.org/v5/en/guide/intro). +> info **Hint** Learn more about the `Ability` class in the official [CASL documentation](https://casl.js.org/v6/en/guide/intro). For example, let's say we have a user who is not an admin. In this case, the user should be able to read articles, but creating new ones or removing the existing articles should be prohibited.