Rajska v0.0.1 Rajska.QueryAuthorization View Source

Absinthe middleware to ensure query permissions.

Usage

Create your Authorization module and add it and QueryAuthorization to your Absinthe.Schema. Then set the permitted role to access a query or mutation:

mutation do
  field :create_user, :user do
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, permit: :all
    resolve &AccountsResolver.create_user/2
  end

  field :update_user, :user do
    arg :id, non_null(:integer)
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, [permit: :user, scoped: User] # same as {User, :id}
    resolve &AccountsResolver.update_user/2
  end

  field :delete_user, :user do
    arg :id, non_null(:integer)

    middleware Rajska.QueryAuthorization, permit: :admin
    resolve &AccountsResolver.delete_user/2
  end
end

Query authorization will call Rajska.Authorization.is_role_authorized?/2 to check if the user role is authorized to perform the query.

Link to this section Summary

Functions

call(resolution, config)

This is the main middleware callback.

Link to this section Functions

call(resolution, config) View Source

This is the main middleware callback.

It receives an %Absinthe.Resolution{} struct and it needs to return an %Absinthe.Resolution{} struct. The second argument will be whatever value was passed to the middleware call that setup the middleware.

Callback implementation for Absinthe.Middleware.call/2.