module GraphQR::Policies::AuthorizeGraphQL

The AuthorizeGraphQL module defines a way of running the PolicyProvider authorization with a specific action

Constants

DEFAULT_AUTHORIZATION_ERROR

Public Instance Methods

authorize_graphql(record, action, policy_class: nil) click to toggle source

This method is a wrapper around the Pundit authorize, receiving the same arguments. The only difference is that it turns the Pundit::NotAuthorizedError into a GraphQL::ExecutionError

Example:¶ ↑

authorize_graphql User, :index?

# File lib/graphqr/policies/authorize_graphql.rb, line 19
def authorize_graphql(record, action, policy_class: nil)
  args = { record: record, action: action, policy_class: policy_class }
  raise GraphQL::ExecutionError, DEFAULT_AUTHORIZATION_ERROR unless policy_provider.allowed?(args)
end

policy_provider() click to toggle source

# File lib/graphqr/policies/authorize_graphql.rb, line 24
def policy_provider
  context[:policy_provider]
end