Rajska v0.8.0 Rajska.QueryScopeAuthorization

Absinthe middleware to perform query scoping.

Usage

Create your Authorization module and add it and QueryAuthorization to your Absinthe.Schema. Since the Scope Authorization middleware must be used together with Query Authorization, it is called automatically whenever QueryAuthorization is added to a field. Then set the scoped module and argument field:

mutation do
  field :create_user, :user do
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, permit: :all
    resolve &AccountsResolver.create_user/2
  end

  field :update_user, :user do
    arg :id, non_null(:integer)
    arg :params, non_null(:user_params)

    middleware Rajska.QueryAuthorization, [permit: :user, scope: User] # same as [permit: :user, scope: User, args: :id]
    resolve &AccountsResolver.update_user/2
  end

  field :delete_user, :user do
    arg :id, non_null(:integer)

    middleware Rajska.QueryAuthorization, permit: :admin
    resolve &AccountsResolver.delete_user/2
  end

  field :invite_user, :user do
    arg :email, non_null(:string)

    middleware Rajska.QueryAuthorization, [permit: :user, scope: User, rule: :invitation]
    resolve &AccountsResolver.invite_user/2
  end
end

In the above example, :all and :admin permissions don't require the :scope keyword, as defined in the Rajska.Authorization.not_scoped_roles/0 function, but you can modify this behavior by overriding it.

Options

All the following options are sent to Rajska.Authorization.has_user_access?/4:

  • :scope
  • :args
    • %{user_id: [:params, :id]}: where user_id is the scoped field and id is an argument nested inside the params argument.
    • :id: this is the same as %{id: :id}, where :id is both the query argument and the scoped field that will be passed to Rajska.Authorization.has_user_access?/4.
    • [:code, :user_group_id]: this is the same as %{code: :code, user_group_id: :user_group_id}, where code and user_group_id are both query arguments and scoped fields.
  • :optional (optional) - when set to true the arguments are optional, so if no argument is provided, the query will be authorized. Defaults to false.
  • :rule (optional) - allows the same struct to have different rules. See Rajska.Authorization for rule default settings.
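As an added, stand-alone illustration (not Rajska's own code) of how the three :args shapes above resolve to scoped fields and how those fields feed the access check for the update_user mutation: the has_user_access?/4 function here is a stand-in for the callback named above, and its use of a {field, value} tuple as the third argument is an assumption of this example, not something this page states.

```elixir
# Added example, independent of Rajska internals: normalise the :args option,
# pull the scoped values out of the GraphQL arguments and run the access check.
defmodule ScopeExample do
  # The three accepted :args shapes all become a list of {scoped_field, path}.
  def normalize_args(arg) when is_atom(arg), do: [{arg, [arg]}]
  def normalize_args(args) when is_list(args), do: Enum.map(args, &{&1, [&1]})
  def normalize_args(args) when is_map(args),
    do: Enum.map(args, fn {field, path} -> {field, List.wrap(path)} end)

  # Look each scoped field up in the (possibly nested) arguments map.
  def field_values(arguments, args) do
    args
    |> normalize_args()
    |> Enum.map(fn {field, path} -> {field, get_in(arguments, path)} end)
  end

  # Stand-in for the has_user_access?/4 callback (argument shape assumed):
  # admins always pass, a user may only touch the User row with their own id.
  def has_user_access?(%{role: :admin}, User, _field_value, _rule), do: true
  def has_user_access?(%{id: id}, User, {:id, id}, :default), do: true
  def has_user_access?(_user, User, _field_value, _rule), do: false

  # Every scoped field must pass. A missing argument (nil) is authorized only
  # when optional: true, mirroring the :optional setting described above.
  def authorized?(user, scope, arguments, args, rule, optional \\ false) do
    arguments
    |> field_values(args)
    |> Enum.all?(fn
      {_field, nil} -> optional
      field_value -> has_user_access?(user, scope, field_value, rule)
    end)
  end
end

# Constructed sample inputs: a normal user calling update_user. The bare
# pattern matches raise MatchError if any outcome differs from the expected one.
alice = %{id: 1, role: :user}
admin = %{id: 99, role: :admin}
true = ScopeExample.authorized?(alice, User, %{id: 1, params: %{name: "a"}}, :id, :default)
false = ScopeExample.authorized?(alice, User, %{id: 2, params: %{name: "a"}}, :id, :default)
true = ScopeExample.authorized?(admin, User, %{id: 2, params: %{name: "a"}}, :id, :default)
# Nested mapping: user_id is the scoped field, read from params.id.
[{:user_id, 7}] = ScopeExample.field_values(%{params: %{id: 7}}, %{user_id: [:params, :id]})
# Argument absent: denied by default, allowed once optional: true is set.
false = ScopeExample.authorized?(alice, User, %{}, :id, :default)
true = ScopeExample.authorized?(alice, User, %{}, :id, :default, true)
```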

Functions

apply_scope_authorization(resolution, scope, arguments_source, arg, rule, optional)

This is the main middleware callback.

It receives an %Absinthe.Resolution{} struct and must return an %Absinthe.Resolution{} struct. The second argument is whatever value was passed to the middleware call that set up the middleware.

Callback implementation for Absinthe.Middleware.call/2.

scope_user!(resolution, config)