API Reference
In this section, we provide a detailed reference of the Asgardian API, including all available methods, their parameters, and usage examples.
Overview
Asgardian provides a comprehensive set of methods to define, manage, and check permissions. Here, you will find detailed documentation for each method.
Methods
createAbility
Creates a new instance of the ability that can be used to define rules and check permissions.
Syntax
createAbility()
Returns
An instance of the Ability class.
Example
import { createAbility } from '@nordic-ui/asgardian';
const ability = createAbility();
can
Defines a rule allowing a specific action on a resource.
Syntax
ability.can(action: string, resource: string, conditions?: Record<PropertyKey, unknown> => boolean)
Parameters
action (string | string[]): The action to be allowed (e.g., read, update).
resource (string): The resource on which the action can be performed (e.g., Post, Comment).
conditions (object, optional): An object which can be used to further restrict the rule’s evaluation.
Example
ability.can('read', 'Post');
ability.can(['update', 'delete'], 'Post', { authorId: user.id });
cannot
Defines a rule disallowing a specific action on a resource.
Syntax
ability.cannot(action: string, resource: string, conditions?: Record<PropertyKey, unknown> => boolean)
Parameters
action (string | string[]): The action to be disallowed (e.g., delete, manage).
resource (string): The resource on which the action cannot be performed (e.g., Post, Comment).
conditions (object, optional): An object which can be used to further restrict the rule’s evaluation.
Example
ability.cannot('delete', 'Post');
isAllowed
Checks if a specific action is allowed for a given resource and context.
Syntax
ability.isAllowed(action: string, resource: string)
Parameters
action (string | string[]): The action to check (e.g., read, update).
resource (string): The resource for which the action is being checked (e.g., Post, Comment).
conditions (object, optional): An object which can be used to further restrict the rule’s evaluation.
Example
const user = { id: 123, roles: ['admin'] };
ability.isAllowed('manage', 'all'); // true
notAllowed
Checks if a specific action is not allowed for a given resource and context.
Syntax
ability.notAllowed(action: string, resource: string)
Parameters
action (string | string[]): The action to check (e.g., read, update).
resource (string): The resource for which the action is being checked (e.g., Post, Comment).
conditions (object, optional): An object which can be used to further restrict the rule’s evaluation.
Example
ability.notAllowed('update', 'Post'); // true
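Worked example (added here, not code from Asgardian or its documentation): a small stand-in class, ModelAbility (hypothetical name), that mirrors the can, cannot, isAllowed and notAllowed methods above so the effect of conditions on a check can be run offline. Its semantics are assumptions of the model, not documented library behaviour: no matching rule means deny, a matching cannot rule overrides can, conditions are compared by strict equality, and 'manage' / 'all' act as wildcards.

```javascript
// Added example: a stand-in model of the methods documented on this page.
// It is not Asgardian's source; the evaluation semantics are assumptions.
class ModelAbility {
  #rules = [];

  // Allow rule. `action` may be a string or an array of strings.
  can(action, resource, conditions) { return this.#add(false, action, resource, conditions); }

  // Deny rule, same parameter shape as can().
  cannot(action, resource, conditions) { return this.#add(true, action, resource, conditions); }

  #add(deny, action, resource, conditions = {}) {
    for (const a of [].concat(action)) {
      this.#rules.push({ deny, action: a, resource, conditions });
    }
    return this; // chaining is a convenience of this model
  }

  // Assumption: 'manage' matches any action and 'all' matches any resource.
  #applies(rule, action, resource, context) {
    if (rule.action !== 'manage' && rule.action !== action) return false;
    if (rule.resource !== 'all' && rule.resource !== resource) return false;
    // A conditional rule applies only if every key equals the context value.
    return Object.entries(rule.conditions).every(([k, v]) => context[k] === v);
  }

  // Assumptions: no matching rule means deny, and a matching deny rule
  // overrides any matching allow rule regardless of definition order.
  isAllowed(action, resource, context = {}) {
    return [].concat(action).every((a) => {
      const hits = this.#rules.filter((r) => this.#applies(r, a, resource, context));
      return hits.length > 0 && hits.every((r) => !r.deny);
    });
  }

  notAllowed(action, resource, context = {}) {
    return !this.isAllowed(action, resource, context);
  }
}

// Constructed sample data: an author who may edit only their own posts.
const user = { id: 123 };
const ability = new ModelAbility()
  .can('read', 'Post')
  .can(['update', 'delete'], 'Post', { authorId: user.id })
  .cannot('delete', 'Post', { locked: true });
```

In this model a check made without the context object fails closed: ability.isAllowed('update', 'Post') is false because the authorId condition cannot be satisfied.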
Summary
This section provides a detailed reference of the Asgardian API. For more information and examples, refer to the Introduction, Rules and Conditions, and Role-Based Permissions sections.
For more advanced usage and best practices, refer to the Advanced Usage section.