Hello guys, I am pretty new to NestJS. I would like to ask you what the best practice is for making policies if I am using Prisma. I read about CASL, but in my opinion it is very complex just to compare record.user_id with user.id.
Is it good practice to pass the user ID and just check it straight in the service? Or should I go with CASL, or is there any better solution?
Thank you for your answer 🙂
#What is best practice for Policies with Prisma?
Best practice is mostly having a system fit to your needs. If your permission logic is mostly checking a user ID, nothing prevents you from doing it manually. If your auth logic is more advanced (different groups of users, different read/write access, model access segmentation, etc.) just go with CASL (which isn't that hard to work on once you set up your first simple policy). A good practice with CASL is "always require a Policy as the first arg of any function that calls on a model" so that you don't forget it. Good luck.
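
The manual ownership check discussed in this thread, as an added example that is not part of either message: it borrows the "required first argument" habit from the reply and puts the owner ID into the query itself. `Post`, `Actor`, `PostService` and `FakePostDelegate` are assumed names, and the in-memory delegate stands in for an injected Prisma client so the code runs without a database.

```typescript
// Constructed types; a real project would use the types generated by Prisma.
type Post = { id: number; userId: number; title: string };
type Actor = { id: number };

// In-memory stand-in for `prisma.post` so the example runs without a database
// (assumption: in NestJS an injected Prisma service would take its place).
class FakePostDelegate {
  constructor(private rows: Post[]) {}

  async findFirst(args: { where: Partial<Post> }): Promise<Post | null> {
    const keys = Object.keys(args.where) as (keyof Post)[];
    const hit = this.rows.filter((r) => keys.every((k) => r[k] === args.where[k]))[0];
    return hit ? { ...hit } : null;
  }

  async update(args: { where: { id: number }; data: { title: string } }): Promise<Post> {
    const row = this.rows.filter((r) => r.id === args.where.id)[0];
    if (!row) throw new Error("record to update not found");
    row.title = args.data.title;
    return { ...row };
  }
}

class PostService {
  constructor(private posts: FakePostDelegate) {}

  // The acting user is the first, mandatory argument of every method that
  // touches the model, so a caller cannot forget the ownership check.
  async getOwn(actor: Actor, postId: number): Promise<Post> {
    // Ownership is part of the query itself: another user's record is
    // indistinguishable from a missing one (no fetch-then-compare gap).
    const post = await this.posts.findFirst({ where: { id: postId, userId: actor.id } });
    // In a NestJS app this would be a NotFoundException from @nestjs/common.
    if (!post) throw new Error("post not found");
    return post;
  }

  async rename(actor: Actor, postId: number, title: string): Promise<Post> {
    await this.getOwn(actor, postId); // throws before any write happens
    return this.posts.update({ where: { id: postId }, data: { title } });
  }
}
```

The `actor` should come from the authenticated request (for example, a guard that populates the request user), never from an ID supplied in the body or URL.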