Good evening everyone, I'm having difficulty implementing ACL with Prisma and Express. I tried to use the casl/prisma library, but I didn't find the documentation clear. The code below is what is in the documentation, I don't know where to put it, if it's in a Middleware file or where. Could someone guide me or tell me another way to do ACL with prism and express?

import { User, Post, Prisma } from '@prisma/client';
import { AbilityClass, AbilityBuilder, subject } from '@casl/ability';
import { PrismaAbility, Subjects } from '@casl/prisma';

type AppAbility = PrismaAbility<[string, Subjects<{
  User: User,
  Post: Post
}>]>;
const AppAbility = PrismaAbility as AbilityClass<AppAbility>;
const { can, cannot, build } = new AbilityBuilder(AppAbility);

can('read', 'Post', { authorId: 1 });
cannot('read', 'Post', { title: { startsWith: '[WIP]:' } });

const ability = build();
ability.can('read', 'Post');
ability.can('read', subject('Post', { title: '...', authorId: 1 })));

Hey 👋 I haven’t used

@casl/prisma

library, but from the documentation, I can say that you would need to put the

abilities

in the where clause as described in the documentation here. Another alternative to implement ACL is using cerbos.dev They have integration with prisma as mentioned in their docs

Good Morning. I will check and also take a look at cerbos.dev. Thanks.