Add a way to authoraize any query through context

2021-01-28 13:52:14 +01:00 · 2021-01-28 13:52:14 +01:00 · 0bd8721776
commit 0bd8721776
parent f45d7f4efd
5 changed files with 29 additions and 24 deletions
--- a/app/graphql/api/v2/context.rb
+++ b/app/graphql/api/v2/context.rb
@ -10,6 +10,32 @@ class API::V2::Context < GraphQL::Query::Context
    end
  end

+  def internal_use?
+    self[:internal_use]
+  end
+
+  def authorized_demarche?(demarche)
+    if internal_use?
+      return true
+    end
+
+    # We are caching authorization logic because it is called for each node
+    # of the requested graph and can be expensive. Context is reset per request so it is safe.
+    self[:authorized] ||= Hash.new do |hash, demarche_id|
+      # Compute the hash value dynamically when first requested
+      authorized_administrateur = demarche.administrateurs.find do |administrateur|
+        if self[:token]
+          administrateur.valid_api_token?(self[:token])
+        else
+          administrateur.id == self[:administrateur_id]
+        end
+      end
+      hash[demarche_id] = authorized_administrateur.present?
+    end
+
+    self[:authorized][demarche.id]
+  end
+
  class HasFragment < GraphQL::Language::Visitor
    def initialize(document, name)
      super(document)