Rajska

v0.0.1

Rajska v0.0.1 Rajska.FieldAuthorization View Source

Absinthe middleware to ensure field permissions.

Authorizes Absinthe's object field according to the result of the Rajska.Authorization.is_field_authorized?/3 function, which receives the user role, the meta scope_by atom defined in the object schema and the source object that is resolving the field.

Usage

Create your Authorization module and add it and FieldAuthorization to your Absinthe.Schema. Then add the meta scope_by to an object and meta private to your sensitive fields:

object :user do
  meta :scope_by, :id

  field :name, :string
  field :is_email_public, :boolean

  field :phone, :string, meta: [private: true]
  field :email, :string, meta: [private: & !&1.is_email_public]
end

As seen in the example above, a function can also be passed as value to the meta :private key, in order to check if a field is private dynamically, depending of the value of another field.

Link to this section Summary

Functions

call(resolution, list)

This is the main middleware callback.

Link to this section Functions

Link to this function

call(resolution, list) View Source

This is the main middleware callback.

It receives an %Absinthe.Resolution{} struct and it needs to return an %Absinthe.Resolution{} struct. The second argument will be whatever value was passed to the middleware call that setup the middleware.

Callback implementation for Absinthe.Middleware.call/2.