Operators

Asgardian provides a rich set of operators for complex permission rules. These operators can be used in condition objects to create sophisticated access control rules.

Basic Field Conditions

The simplest condition is direct equality matching:


ability.can('read', 'Post', { 
  status: 'published'
})

This checks if the resource’s status field equals exactly 'published'.

Logical Operators

`$and`

Matches if all conditions are true:


ability.can('manage', 'Post', { 
  $and: [
    { status: 'published' },
    { views: { $gt: 100 } },
    { 'author.isActive': true }
  ]
})

`$or`

Matches if any condition is true:


ability.can('manage', 'Post', { 
  $or: [
    { status: 'draft' },
    { views: { $gt: 1000 } },
    { 'author.id': 999 }
  ]
})

`$not`

Negates a condition:


ability.can('manage', 'Post', { 
  $not: { status: 'archived' }
})

Comparison Operators

`$eq`, `$ne`

Equal and not equal operators:


ability.can('read', 'Post', { 
  status: { $eq: 'published' }
})
 
ability.can('read', 'Post', { 
  status: { $ne: 'draft' }
})

`$in`, `$nin`

Check if value is in or not in an array:


ability.can('read', 'Post', { 
  status: { $in: ['published', 'archived'] }
})
 
ability.can('read', 'Post', { 
  status: { $nin: ['draft', 'pending'] }
})

`$gt`, `$gte`, `$lt`, `$lte`

Numeric comparison operators:


ability.can('read', 'Post', { 
  views: { $gt: 100 }
})
 
ability.can('read', 'Post', { 
  views: { $gte: 100 }
})
 
ability.can('read', 'Post', { 
  views: { $lt: 1000 }
})
 
ability.can('read', 'Post', { 
  views: { $lte: 1000 }
})

`$between`

Check if value is within a range (inclusive):


ability.can('read', 'Post', { 
  views: { $between: [100, 1000] }
})
 
// Also works with dates
ability.can('read', 'Post', { 
  publishDate: { $between: [new Date('2023-01-01'), new Date('2023-12-31')] }
})

String Operators

`$contains`, `$startsWith`, `$endsWith`

String pattern matching operators:


ability.can('read', 'Post', { 
  title: { $contains: 'important' }
})
 
ability.can('read', 'Post', { 
  title: { $startsWith: 'Draft:' }
})
 
ability.can('read', 'Post', { 
  title: { $endsWith: 'Report' }
})

`$regex`

Regular expression matching:


ability.can('read', 'Post', { 
  slug: { $regex: /^draft-/ }
})

Combining Operators

You can combine operators for complex conditions:


ability.can('manage', 'Post', {
  $and: [
    { status: 'published' },
    {
      $or: [
        { views: { $gt: 1000 } },
        { 'author.id': 101 }
      ]
    },
    { tags: { $in: ['important'] } }
  ]
})

You can also combine multiple operators on a single field:


ability.can('read', 'Post', {
  views: { $gt: 100, $lt: 1000 }
})

Nested Field Access

You can access nested fields using dot notation:


ability.can('manage', 'Post', {
  'author.id': 101,
  'metadata.isPublic': true
})

Edge Cases

If a condition is undefined or an empty object {}, it will always match
Fields that don’t exist in the resource are treated as undefined
When checking against null values, be explicit in your conditions

Summary

Operators in Asgardian provide a powerful way to express complex permission rules. By combining different operators, you can create sophisticated conditions for fine-grained access control.

Operators

Basic Field Conditions

Logical Operators

$and

$or

$not