First pre-release targeting v6
Pre-release
Pre-release
Breaking changes
- Package is now ESM only
- The
@iocprefixed imports have been removed.
- import Bouncer from '@ioc:Adonis/Addons/Bouncer'
+ import { Bouncer } from '@adonisjs/bouncer'
- import { BasePolicy } from '@ioc:Adonis/Addons/Bouncer'
+ import { BasePolicy } from '@adonisjs/bouncer'
- import { action } from '@ioc:Adonis/Addons/Bouncer'
+ import { action } from '@adonisjs/bouncer'- Remove public property
bouncer.actionsin favor ofbouncer.abilities. We get rid of theactionskeyword because it is generic and can be used in many different contexts, whereas abilities are more specific. - Remove
bouncer.BasePolicyin favor of direct import.
- import { BasePolicy } from '@ioc:Adonis/Addons/Bouncer'
+ import { BasePolicy } from '@adonisjs/bouncer'- Remove
bouncer.actionin favor of direct import.
- import { action } from '@ioc:Adonis/Addons/Bouncer'
+ import { action } from '@adonisjs/bouncer'- Remove
bouncer.beforeandbouncer.afterhooks. Use policies for hooks. - Remove the
bouncer.registerPoliciesmethod. Policies collection can be defined using a plain old JavaScript object.
- export const { policies } = Bouncer.registerPolicies({
- PostPolicy: () => import('App/Policies/PostPolicy')
- })
+ export const { policies } = {
+ PostPolicy: () => import('#policies/post_policy')
+ })- The
Bouncer.denymethod now returns an instance of theAuthorizationResponseclass. Earlier, it used to return a tuple. However, the input arguments are still the same. - Remove method
resolvePolicy. It was meant to be used internally anyway, but it is not needed anymore. E_AUTHORIZATION_FAILUREis now self-handled and will convert itself to an HTTP response.- Remove methods
bouncer.canandbouncer.cannot. Instead, usebouncer.edgeHelpers.can. Thebouncer.canandbouncer.cannotmethods were used by Edge templates, so now they must be grabbed from theedgeHelpersproperty.
- bouncer.can('PostPolicy.edit', new Post())
+ bouncer.edgeHelpers.can('PostPolicy.edit', new Post())
- bouncer.cannot('PostPolicy.edit', new Post())
+ bouncer.edgeHelpers.cannot('PostPolicy.edit', new Post())Sharing abilities with Bouncer
In the old version, the abilities were called actions and were defined inside the start/bouncer.ts file using the Bouncer.define method.
In this latest release, we get rid of the keyword actions and use abilities. You may continue to define abilities using the Bouncer.define method. However, you must update the initialize_bouncer_middleware file and register them with Bouncer as follows.
import { abilities, policies } from '#start/bouncer'
Bouncer.create(
() => ctx.auth.user,
abilities,
policies
)New features
- Use
@allowGuestto allow a policy action to be executed for guest users. Earlier, you had to use the@action({ allowGuest: true })decorator. Think of this new decorator as a shorthand alternative. - Bouncer now emits the
authorization:finishedevent you may use to inspect the response of authorization checks. - You may now use translations for authorization error messages. Read the documentation to learn more.
- Policies can now inject dependencies inside the constructor that will be resolved using the IoC container.
Commits
- docs: add README file 44ca3be
- ci: skip edge compiler output tests on windows e47c0d3
- ci: update checks yaml file a58144c
- feat: add support for make:policy command 324002e
- refactor: accept ability options as first parameter 2cd6e43
- refactor: convert edgeHelpers method to edgeHelpers property 1070b91
- feat: abilities builder to be compatible with the old API eedc514
- refactor: rename Bouncer.define to Bouncer.ability fe350be
- refactor: make bouncer.policies and bouncer.abilities public 6e45c38
- feat: add configure command ed989c2
- feat: add provider 5eff877
- feat: add edge plugin for registering tags 506697d
- feat: add events 28ad309
- feat: implement policies hooks 9e28719
- feat: finish abilities and policies API b3ffcb1
- feat: implement bouncer actions 2567f6f
Full Changelog: v2.3.0...v3.0.0-0