Authorize before fetching data

Question

Authorize before fetching data

alexander37137 opened this issue 5 years ago · 6 comments

Can i change authorize behavior to check policy before fetching data?

Answer 1 · 2019-10-05T19:22:34.000Z

Are you talking about GraphQL integration (and here palkan/action_policy#81 as well)?

Answer 2 · 2019-10-07T06:57:45.000Z

Yes, I want to make authorization api using graphql and i have to make graphql controller available without authorization. And that make problems with other apis. I made user nullable in graphql context and after that everywhere in queries i have to check presence of current_user

Answer 3 · 2019-10-07T15:55:03.000Z

There is not short syntax for this right now (though we might consider adding this in the future releases).

For now you can do the following:

field :something, SomeType

def something
  authorize! object, to: :rule?
  object.something
end

Answer 4 · 2019-10-08T08:28:33.000Z

I see, thank you. I think for me it will be easier to make addition rest api for authorisation, than checking presence of current_user in every query. I think issue can be closed

Answer 5 · 2019-10-21T11:56:42.000Z

@alexander37137 Please, take a look at the proposed API: #10 (also solves the problem of combining scoping and authorization).

Answer 6 · 2019-10-21T13:08:22.000Z

Looks good to me