Blitz Guard Versions Save

Blitz Guard - The centralized permission based authorization for Blitz.js

v0.4.1

2 years ago

💥 Major Changes

  • Reasons: Give your rules custom a custom message
...

const Guard = GuardBuilder<ExtendedResourceTypes, ExtendedAbilityTypes>(
  async (ctx, { can, cannot }) => {
	cannot('manage', 'all')

	can("create", "article")
	cannot("create", "article").reason("Because I say so")

...

const { can, reason } = Guard.can("create", "article",{},{})
console.log(can) // false
console.log(reason) // "Because I say so"

This introduces a breaking change if you are using Guard.can

// Before
- const can = Guard.can("create", "article",{},{})
// now
+ const { can, reason } = Guard.can("create", "article",{},{})

At the same time, if you are using the getAbility hook, the return type now is an object instead of a boolean

...
const [[canCreateComment, canDeleteComment], { isLoading }] = useQuery(getAbility, [
  ["create", "comment"],
  ["delete", "comment" /* args */],
])

console.log(canCreateComment.can) // true
console.log(canCreateComment.reason) // "some reason"

console.log(canDeleteComment.can) // false
console.log(canDeleteComment.reason) // "some reason"

// Before
- const [[canCreateComment], { isLoading }] = useQuery(getAbility, [
- console.log(canCreateComment) // true

// Now
+ console.log(canCreateComment.can) // true
+ console.log(canCreateComment.reason) // "some reason"

🚀 Minor Changes

  • Adds Guard.authorizePipe
...
resolver.pipe(
  resolver.zod(CreateProject),
  Guard.authorizePipe("create", "project"),
...

If you are using pipes in your queries or mutations you can use Guard.authorizePipe as shown in the example. If the authorization fails it will throw an AuthorizationError

See usage here: https://ntgussoni.github.io/blitz-guard/docs/secure-your-endpoints/#guardauthorizepipe

Internal Meta Changes

  • Updates docs
  • Update of dependencies

v0.3.1

3 years ago

🐞 Patches

  • Removes resource sanitization: 767c36d9d42cec4862d8ece5f351813e6fbd1257

Internal Meta Changes

  • Makes warning about how empty ability works: aa39769038c494642d50ba94c2eb75dd7544557b
  • Adds how to contribute documentation Updates docs colors and adds favicon: 8c018054cdd66058e8f830b0ab25fcb6db563a2b
  • Updates docs to enforce cannot('manage', 'all'): 0d6420be9556e0c86fcc0daad85537a6ce7e164d
  • Merge pull request #17 from ntgussoni/add-fail-to-sample-test: 49057c2a4398ab151671b21167d662750322c337

v0.3.0

3 years ago

🔥 Major Changes

  • Updates the signature of Guard.can to match authenticate: a838b16d51152b5995cf2b4c693a896003a36c5a

Internal Meta Changes

  • Updates example prisma version: b0f3d2add531a2b2999c6f301d28c169ce513c03
  • Adds middleware to example app: 4c0819e0d4ee93072aa83bef545a2af79804f513
  • Improves docs and adds testing section: 54af305d09bf49cc89f00ee0989896fda859596d

v0.2.1

3 years ago

🐞 Patches

  • Updates types destination path: eb9b884bf3f759674044f5b6f597eb206af64b40

v0.2.0

3 years ago

🚀 Major Changes

  • Refactored library to improve type handling Removes useGuard in favor of a simple useQuery hook Ability is the main entry file now: 42a3222c78af39d4dc3f38ff6c9ffcc8fc5f8a06
  • Updates typescript configuration for incremental updates Updates example app to latest blitz version: 7bb315c596e964c9aaf12dbff1c98588daeffbfd

Internal Meta Changes

  • Updates documentation: 9cc0a2dd506412b6ee0eb6536e5fa200dfe21c8b

v0.1.12

3 years ago

🐞 Patches

  • Updates package: a4c3f5cddc3c3bf998bcf68f5f75b8870cfb9c7a

v0.1.6

3 years ago

Initial release