Allow customization of object authorization message
Closed this issue · 0 comments
gabrielpra1 commented
Query authorization supports a custom message for unauthorized error:
defp update_result(false, %{context: context} = resolution) do
Resolution.put_result(resolution, {:error, Rajska.apply_auth_mod(context, :unauthorized_message, [resolution])})
end
But object authorization does not:
defp put_result(false, _fields, resolution, object) do
Resolution.put_result(resolution, {:error, "Not authorized to access object #{object.identifier}"})
end
We should follow the same pattern of having an overridable function in Rajska
that should be called in the case of unauthorized in ObjectAuthorization