docs: add gotcha for not allowed to get on users (#74)

fratzinger · Oct 12, 2022 · eb79568 · eb79568
1 parent ddcb6d3
commit eb79568
Showing 1 changed file with 31 additions and 1 deletion.
diff --git a/docs/gotchas.md b/docs/gotchas.md
@@ -48,4 +48,34 @@ const ability = defineAbility((can, cannot) => {
   can("read", "users", ["id", "name", "email"], { id: { $ne: 1 } });
   can("read", "users", { id: user.id });
 });
-```
+```
+
+## You're not allowed to get on 'users'
+
+To prevent the error `You're not allowed to get on 'users'`, you need to define the abilities right after your `authenticate()` hook and before the `authorize()` hook for the `get` method of the user service.
+
+```js
+// src/services/users/users.hooks.js
+
+module.exports = {
+  before: {
+    get: [
+      authenticate('jwt'),
+
+      // Add this to set abilities, if a user exists
+      context => {
+        if (context.params.ability) { return context; }
+        const { user } = context.params
+        if (user) context.params.ability = defineAbilitiesFor(user)
+        return context
+      }
+
+      authorize({ adapter: 'feathers-mongoose' }),
+    ]
+
+    // ...
+  },
+
+  // ...
+};
+```