Rajska v1.3.2

Rajska.QueryAuthorization (Rajska v1.3.2) View Source

Absinthe middleware to ensure query permissions.

Usage

Create your Authorization module and add it and QueryAuthorization to your Absinthe.Schema. Then set the permitted role to access a query or mutation:

mutation do
  field :create_user, :user do
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, permit: :all
    resolve &AccountsResolver.create_user/2
  end

  field :update_user, :user do
    arg :id, non_null(:integer)
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, [permit: :user, scope: User] # same as [permit: :user, scope: User, args: :id]
    resolve &AccountsResolver.update_user/2
  end

  field :delete_user, :user do
    arg :id, non_null(:integer)

    middleware Rajska.QueryAuthorization, permit: :admin
    resolve &AccountsResolver.delete_user/2
  end
end

Query authorization will call Rajska.Authorization.role_authorized?/2 to check if the user role is authorized to perform the query.

Link to this section Summary

Functions

call(resolution, config)

Callback implementation for Absinthe.Middleware.call/2.

Link to this section Functions

Link to this function

call(resolution, config)

View Source

Callback implementation for Absinthe.Middleware.call/2.