jungsoft/rajska

Allow customization of object authorization message

Closed this issue · 0 comments

Query authorization supports a custom message for unauthorized error:

  defp update_result(false, %{context: context} = resolution) do
    Resolution.put_result(resolution, {:error, Rajska.apply_auth_mod(context, :unauthorized_message, [resolution])})
  end

But object authorization does not:

  defp put_result(false, _fields, resolution, object) do
    Resolution.put_result(resolution, {:error, "Not authorized to access object #{object.identifier}"})
  end

We should follow the same pattern of having an overridable function in Rajska that should be called in the case of unauthorized in ObjectAuthorization