palkan/action_policy-graphql

no examples of authorized_scope with relay connection type

lifeiscontent opened this issue · 7 comments

Hey @palkan,

Hope you're doing well.

I was wondering if you could show an example of how I might implement an authorized_scope with a relay connection.

I tried setting it up initially but it gave me the following error:

```
Couldn't find policy class for [#<Types::QueryType:0x00007f986eb5a730 @object=nil, @context=#<Query::Context ...>, @__policies_cache__={\"//70146334492460\"=>nil}, @authorization_namespace=Types>, \"Couldn't find implicit authorization target for Types::QueryType. Please, provide policy class explicitly using `with` option or define the `implicit_authorization_target` method.\"] (Array)
```

Could you please provide a bit more context? For example, schema fragment, policies structure.

We're using Action Policy with connections without any additional setup.

@palkan I believe this error shows up when you set `connection: true` on a field.

I added some specs for connections and they pass without any code change: de73a58

So, returning to the previous question

> Could you please provide a bit more context? For example, schema fragment, policies structure.

@palkan hey, I think I might have been using the DSL wrong. Previously, when I had a connection type, I used a `Type.connection_type, connection: true` on the field, and I believe that's when I saw it blowing up, but really, this is a misunderstanding of the API on my behalf.

Thanks for putting in so much awesome work into this! :)

As a side note, I'm using Action Policy for an example app I built, including test coverage: https://github.com/lifeiscontent/realworld

You can see it live here, though it's on the Heroku free tier so it might take a second to boot.

https://realworld.now.sh

> As a side note, I'm using action policy for an example app I built

Thanks for sharing!

P.S. Quick suggestion: you can use pre-checks to avoid calling user? in most places.

@palkan can you show me what that would look like?

You can add the following to your application policy:

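```ruby
class ApplicationPolicy < ActionPolicy::Base
  # Runs before every rule in every policy that inherits from this class.
  pre_check :deny_unauthenticated

  def deny_unauthenticated
    # deny! stops evaluation and fails the check; the rule body never runs.
    deny! unless user?
  end
end
```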

And then you can remove `user?` checks from all the rules.