Rajska v0.0.1 Rajska.ObjectAuthorization
Absinthe middleware to ensure object permissions.
Authorizes all of Absinthe's objects requested in a query by checking the permission defined in each object's meta authorize.
Usage
Create your Authorization module and add it and QueryAuthorization to your Absinthe.Schema. Then set the permitted role to access an object:
    object :wallet_balance do
      meta :authorize, :admin
      field :total, :integer
    end

    object :company do
      meta :authorize, :user
      field :name, :string
      field :wallet_balance, :wallet_balance
    end

    object :user do
      meta :authorize, :all
      field :email, :string
      field :company, :company
    end
With the permissions above, a query like the following is only allowed for an admin user, because it reaches wallet_balance, whose meta authorize is :admin:
    {
      userQuery {
        name
        email
        company {
          name
          walletBalance { total }
        }
      }
    }
Object Authorization middleware runs after Query Authorization middleware (if added) and before the query is resolved. It recursively checks the permissions of the requested objects with the Rajska.Authorization.is_role_authorized?/2 function (which is also used by Query Authorization). It can be overridden by your own implementation.
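The recursive check described above, as an added sketch that is not Rajska's own code: it walks the requested selection and stops at the first object the role may not read. The module name `ObjectAuthSketch`, its functions, the `@objects` table and the role rule (`:all` admits anyone, `:admin` passes every check) are assumptions made for illustration.

```elixir
defmodule ObjectAuthSketch do
  # Constructed model of the schema above: object => {required role, fields}.
  # A field maps to nil (scalar) or to the object type it returns.
  @objects %{
    user: {:all, %{email: nil, company: :company}},
    company: {:user, %{name: nil, wallet_balance: :wallet_balance}},
    wallet_balance: {:admin, %{total: nil}}
  }

  # Assumed role rule, a stand-in for is_role_authorized?/2 (which the page
  # says can be overridden): :all admits anyone, :admin passes every check.
  def role_authorized?(_user_role, :all), do: true
  def role_authorized?(:admin, _required), do: true
  def role_authorized?(user_role, required), do: user_role == required

  # Depth-first walk over the selection, a keyword list of
  # field name => nested selection ([] for scalars).
  def authorize(user_role, object, selection) do
    {required, fields} = Map.fetch!(@objects, object)

    if role_authorized?(user_role, required) do
      Enum.reduce_while(selection, :ok, fn {field, nested}, _acc ->
        case Map.get(fields, field) do
          nil -> {:cont, :ok}   # scalar or unknown field: no object to check
          child ->
            case authorize(user_role, child, nested) do
              :ok -> {:cont, :ok}
              error -> {:halt, error}
            end
        end
      end)
    else
      {:error, {:unauthorized, object}}
    end
  end
end

# The query from the page, written as a nested selection (constructed input).
selection = [name: [], email: [], company: [name: [], wallet_balance: [total: []]]]
IO.inspect(ObjectAuthSketch.authorize(:user, :user, selection))
IO.inspect(ObjectAuthSketch.authorize(:admin, :user, selection))
```

Run as a script, the `:user` role is rejected at `:wallet_balance` even though `:user` and `:company` pass, which is why the check has to cover every nested object and not only the query's root.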
Functions
call(resolution, config)
This is the main middleware callback.
It receives an %Absinthe.Resolution{} struct and it needs to return an %Absinthe.Resolution{} struct. The second argument will be whatever value was passed to the middleware call that set up the middleware.
Callback implementation for Absinthe.Middleware.call/2.