Graphql context in Policies?

Question

Graphql context in Policies?

marlosirapuan opened this issue 5 years ago · 2 comments

Hi, there is a way to pass Graphql context to the Policies? Example:

# frozen_string_literal: true

module Types
  class QueryType < Types::BaseObject
    field :user,
          resolver: Queries::User::Fetch,
          preauthorize: { to: :user?, with: Queries::UsersPolicy }
  end
end

module Queries
  class UsersPolicy < ApplicationPolicy
    authorize :user, allow_nil: true

    def initialize(user, record)
      # context here
      variables = record.context.query.provided_variables
    end

    def user?
      user.admin?
    end
  end
end

I need the query variables from graphql

Answer 1 · 2020-05-22T06:57:08.000Z

You can add context as an additional authorization context. Something like this:

# in GraphQL
class Types::BaseObject
  authorize :graphql_context, through: :context
end

module Queries
  class ApplicationPolicy < ActionPolicy::Base
     authorize :graphql_context

     private
    
     def variables
       graphql_context.query.provided_variables
     end
  end
end

Answer 2 · 2020-05-22T13:00:51.000Z

@palkan yes! it worked. Thank you! 🍻