PermitEx.Absinthe.RequireAuthorization (permit_ex v0.2.0)

Copy Markdown View Source

Absinthe middleware for enforcing PermitEx roles and permissions.

object :orders do
  field :create_order, :order do
    middleware PermitEx.Absinthe.RequireAuthorization, permission: "orders:manage"
    resolve &OrderResolver.create/2
  end
end

Options:

  • :permission - one required permission
  • :role - one required role
  • :any_permissions - at least one permission must match
  • :all_permissions - every permission must match
  • :any_roles - at least one role must match
  • :all_roles - every role must match
  • :assign_key - key in resolution.context holding the scope. Defaults to :current_scope.
  • :message - error message returned on denial. Defaults to "forbidden".