Rajska.ObjectScopeAuthorization (Rajska v1.3.2)
Absinthe Phase to perform object scoping.
Authorizes all Absinthe objects requested in a query by checking the underlying struct.
Usage
Create your Authorization module and add it and ObjectScopeAuthorization to your Absinthe Pipeline. Then set the scope of an object:
    object :user do
      # Turn on Object and Field scoping, but if the FieldAuthorization middleware is not included, this is the same as using `scope_object?`
      meta :scope?, true

      field :id, :integer
      field :email, :string
      field :name, :string
      field :company, :company
    end

    object :company do
      meta :scope_object?, true

      field :id, :integer
      field :user_id, :integer
      field :name, :string
      field :wallet, :wallet
    end

    object :wallet do
      meta :scope?, true
      meta :rule, :object_authorization

      field :total, :integer
    end

To define custom rules for the scoping, use has_user_access?/3. For example:
    defmodule Authorization do
      use Rajska,
        valid_roles: [:user, :admin],
        super_role: :admin

      # Admins can access any user; other users can only access themselves.
      @impl true
      def has_user_access?(%{role: :admin}, %User{}, _rule), do: true
      def has_user_access?(%{id: user_id}, %User{id: id}, _rule) when user_id === id, do: true
      def has_user_access?(_current_user, %User{}, _rule), do: false

      # The same struct can be authorized differently depending on the rule.
      def has_user_access?(%{id: user_id}, %Wallet{user_id: id}, :object_authorization), do: user_id == id
      def has_user_access?(%{id: _user_id}, %Wallet{user_id: _id}, :always_block), do: false
    end

This way different rules can be set to the same struct.
See Rajska.Authorization for rule default settings.
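The pipeline step mentioned under Usage, as an added example that is not part of the original Rajska documentation page. It assumes a Phoenix application with hypothetical modules MyAppWeb.Schema, MyAppWeb.Router and MyApp.Accounts.get_user/1, that the Authorization module is handed to Rajska through the Absinthe context, and that the phase is inserted after Absinthe's resolution phase so the resolved structs exist when it runs.

```elixir
# Added example. MyAppWeb.*, MyApp.Accounts.get_user/1 and :absinthe_pipeline
# are hypothetical names; the current user is assumed to be placed in the
# Absinthe context by a plug that is not shown here.
defmodule MyAppWeb.Schema do
  use Absinthe.Schema

  # Assumption: Rajska finds the authorization module under :authorization.
  def context(ctx), do: Map.put(ctx, :authorization, Authorization)

  object :user do
    meta :scope?, true

    field :id, :integer
    field :email, :string
  end

  query do
    field :user, :user do
      arg :id, non_null(:integer)

      # Resolves to a %User{} struct, which the phase then passes to
      # Authorization.has_user_access?/3 together with the current user.
      resolve fn %{id: id}, _resolution -> {:ok, MyApp.Accounts.get_user(id)} end
    end
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :api do
    plug :accepts, ["json"]
  end

  scope "/" do
    pipe_through :api

    forward "/graphql", Absinthe.Plug,
      schema: MyAppWeb.Schema,
      pipeline: {__MODULE__, :absinthe_pipeline}
  end

  # Build the default document pipeline, then add object scoping after
  # resolution has produced the structs to check.
  def absinthe_pipeline(config, pipeline_opts) do
    config
    |> Map.fetch!(:schema_mod)
    |> Absinthe.Pipeline.for_document(pipeline_opts)
    |> Absinthe.Pipeline.insert_after(
      Absinthe.Phase.Document.Execution.Resolution,
      Rajska.ObjectScopeAuthorization
    )
  end
end
```

Because the check runs on resolved structs, a resolver that returns plain maps instead of structs gives `has_user_access?/3` nothing to pattern match on, so scoped objects should be backed by structs such as `%User{}`.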
Functions
Specs
flag_invalid(Absinthe.Blueprint.node_t()) :: Absinthe.Blueprint.node_t()
Specs
flag_invalid(Absinthe.Blueprint.node_t(), atom()) :: Absinthe.Blueprint.node_t()
Specs
run(Absinthe.Blueprint.t() | Absinthe.Phase.Error.t(), Keyword.t()) :: {:ok, map()}
Callback implementation for Absinthe.Phase.run/2.