Speakeasy.Authz (Speakeasy v0.3.2)
Authorization middleware for Absinthe.
Please see the README for a complete example in an Absinthe schema.
Functions
call(res, opts)
Authorizes the operation using Bodyguard policies.
Speakeasy.Authn and Speakeasy.LoadResource must occur before calling Authz.
Covering policies is beyond the scope of these docs, but a simple example is below:
    defmodule MyApp.Posts do
      # The context module delegates authorization to its policy module
      defdelegate authorize(action, user, params), to: MyApp.Posts.Policy
    end

    defmodule MyApp.Posts.Policy do
      @behaviour Bodyguard.Policy

      # User and Post are the application's own structs (module paths assumed)
      alias MyApp.{Post, User}

      @spec authorize(atom(), %User{} | nil, map()) :: :ok | {:error, String.t()}

      # Allow any user to create a post
      def authorize(:create_post, %User{}, _params), do: :ok

      # Only allow an author to get a post in draft state
      def authorize(:get_post, %User{id: user_id}, %Post{user_id: user_id, draft: true}), do: :ok

      # Default deny: anything not matched above is rejected
      def authorize(_, _, _), do: {:error, "Get outta here fool!"}
    end
Examples
Authorizing takes a tuple of {resource_module, action}:
    object :post_mutations do
      @desc "Create post"
      field :create_post, type: :post do
        arg(:name, non_null(:string))
        middleware(Speakeasy.Authn)
        middleware(Speakeasy.LoadResource, fn attrs -> a_function_that_loads_the_resource end)
        middleware(Speakeasy.Authz, {MyApp.Posts, :create_post})
      end
    end
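A policy like MyApp.Posts.Policy above is easiest to trust when its deny paths are tested as well as its allow paths. The following ExUnit script is an added example, not part of the Speakeasy docs or code; the User and Post structs, their fields, and the sample data are constructed, and the policy is restated inline (returning :ok, without the Bodyguard behaviour) so the file runs on its own with `elixir policy_test.exs`.

```elixir
ExUnit.start()

# Constructed stand-ins for the application's structs (assumed fields).
defmodule User do
  defstruct [:id]
end

defmodule Post do
  defstruct [:user_id, draft: false]
end

# The policy from this page, restated so the script has no dependencies.
defmodule MyApp.Posts.Policy do
  def authorize(:create_post, %User{}, _params), do: :ok
  def authorize(:get_post, %User{id: id}, %Post{user_id: id, draft: true}), do: :ok
  def authorize(_, _, _), do: {:error, "Get outta here fool!"}
end

defmodule MyApp.Posts.PolicyTest do
  use ExUnit.Case, async: true
  alias MyApp.Posts.Policy

  @deny {:error, "Get outta here fool!"}

  test "any authenticated user may create a post" do
    assert :ok = Policy.authorize(:create_post, %User{id: 1}, %{})
  end

  test "a missing user (nil) is denied" do
    assert @deny == Policy.authorize(:create_post, nil, %{})
  end

  test "only the author may get a draft" do
    draft = %Post{user_id: 1, draft: true}
    assert :ok = Policy.authorize(:get_post, %User{id: 1}, draft)
    assert @deny == Policy.authorize(:get_post, %User{id: 2}, draft)
  end

  test "anything without a matching clause falls through to the default deny" do
    published = %Post{user_id: 1, draft: false}
    # No clause covers published posts or :delete_post, so even the author is denied.
    assert @deny == Policy.authorize(:get_post, %User{id: 1}, published)
    assert @deny == Policy.authorize(:delete_post, %User{id: 1}, published)
  end
end
```

The last test shows a consequence of the clause order: because the only :get_post clause requires draft: true, published posts are denied to everyone until a clause for them is added.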