Add a way to authoraize any query through context

2021-01-28 13:52:14 +01:00 · 2021-01-28 13:52:14 +01:00 · 0bd8721776
commit 0bd8721776
parent f45d7f4efd
5 changed files with 29 additions and 24 deletions
--- a/app/graphql/api/v2/context.rb
+++ b/app/graphql/api/v2/context.rb
@ -10,6 +10,32 @@ class API::V2::Context < GraphQL::Query::Context
    end
  end

+  def internal_use?
+    self[:internal_use]
+  end
+
+  def authorized_demarche?(demarche)
+    if internal_use?
+      return true
+    end
+
+    # We are caching authorization logic because it is called for each node
+    # of the requested graph and can be expensive. Context is reset per request so it is safe.
+    self[:authorized] ||= Hash.new do |hash, demarche_id|
+      # Compute the hash value dynamically when first requested
+      authorized_administrateur = demarche.administrateurs.find do |administrateur|
+        if self[:token]
+          administrateur.valid_api_token?(self[:token])
+        else
+          administrateur.id == self[:administrateur_id]
+        end
+      end
+      hash[demarche_id] = authorized_administrateur.present?
+    end
+
+    self[:authorized][demarche.id]
+  end
+
  class HasFragment < GraphQL::Language::Visitor
    def initialize(document, name)
      super(document)
--- a/app/graphql/types/base_object.rb
+++ b/app/graphql/types/base_object.rb
@ -1,25 +1,4 @@
 module Types
  class BaseObject < GraphQL::Schema::Object
-    def self.authorized_demarche?(demarche, context)
-      # We are caching authorization logic because it is called for each node
-      # of the requested graph and can be expensive. Context is reset per request so it is safe.
-      context[:authorized] ||= {}
-      if context[:authorized][demarche.id]
-        return true
-      end
-
-      administrateur = demarche.administrateurs.find do |administrateur|
-        if context[:token]
-          administrateur.valid_api_token?(context[:token])
-        else
-          administrateur.id == context[:administrateur_id]
-        end
-      end
-
-      if administrateur
-        context[:authorized][demarche.id] = true
-        true
-      end
-    end
  end
 end
--- a/app/graphql/types/demarche_type.rb
+++ b/app/graphql/types/demarche_type.rb
@ -88,7 +88,7 @@ module Types
    end

    def self.authorized?(object, context)
-      authorized_demarche?(object, context)
+      context.authorized_demarche?(object)
    end
  end
 end
--- a/app/graphql/types/dossier_type.rb
+++ b/app/graphql/types/dossier_type.rb
@ -110,7 +110,7 @@ module Types
    end

    def self.authorized?(object, context)
-      authorized_demarche?(object.procedure, context)
+      context.authorized_demarche?(object.procedure)
    end
  end
 end
--- a/app/graphql/types/groupe_instructeur_type.rb
+++ b/app/graphql/types/groupe_instructeur_type.rb
@ -12,7 +12,7 @@ module Types
    end

    def self.authorized?(object, context)
-      authorized_demarche?(object.procedure, context)
+      context.authorized_demarche?(object.procedure)
    end
  end
 end