Allow checking of authenticaded resource via callable object#180
Merged
mcelicalderon merged 1 commit intomasterfrom May 17, 2021
Merged
Allow checking of authenticaded resource via callable object#180mcelicalderon merged 1 commit intomasterfrom
mcelicalderon merged 1 commit intomasterfrom
Conversation
00dav00
approved these changes
May 17, 2021
00dav00
reviewed
May 17, 2021
| def raise_on_missing_resource(context, field) | ||
| @unauthenticated_proc.call(field.name) if context[:current_resource].blank? | ||
| def raise_on_missing_resource(context, field, auth_required) | ||
| if auth_required.respond_to?(:call) |
Contributor
There was a problem hiding this comment.
WDYT about
if auth_required.respond_to?(:call) && auth_required.call(context[:current_resource])
@unauthenticated_proc.call(field.name) 
mcelicalderon
force-pushed
the
add-conditional-authentication
branch
from
dce2377 to
0f5129c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With this change you can now use a custom callable object to check for additional conditions on the authenticated resource. Before we would only check for the presence of
context[:current_resource]after token authentication. Now you can do something like this:This does not intend to replace a more complete authorization framework, but just support a bit more complex authentication conditions that I can imagine would work for most fields.
I would still advise to look into gems like graphql-guard as a more complete authorization gem in GraphQL. Also, the GraphQL gem has premium support for authorization and a basic API that you could use for this purpose.
Resolves #118