Service should provide a hook to loaded resource or respect filters in all methods

[stalniy]

Description

Currently I'm trying to find a way of how I can integrate casl with feathersjs application. In the current implementation of services it's impossible because I don't have access to loaded record by service and service ignores filter parameters for get(id), patch(id) and other similar methods (it just fetches an item by id).

Expected behavior

I need a way to check whether user can do something with record before service do this but after service loads record. Alterna

Actual behavior

There shoud be hook which is called when service loads record from database or service all service methods should respect filtering parameters

[daffl]

The current way to do this would be to retrieve the record in a hook, check the permissions and either throw an error or set hook.result if you are allowed:

const errors = require('feathers-errors');

app.service('myservice').hooks({
  before: {
    get(hook) {
      if(hook.id && hook.params.provider !== 'server') {
        const params = Object.assign({}, hook.params, {
          provider: 'server'
        });

        return hook.service.get(hook.id, params).then(result => {
          if(!checkPermissions(result)) {
            throw new errors.NotAuthorized('You are not allowed');
          }

          hook.result = result;

          return hook;
        });
      }
    }
  }
})

[stalniy]

Aha. I thought about this scenario but I expected that service method would be called twice.

So, if I set hook.result in before hook the actual service method will not be called, correct?

[daffl]

Exactly. Setting hook.result in a before hook will skip the actual method call (but still run all after hooks). That way we can avoid duplicate calls in this case.

[stalniy]

Cool! Thanks!