Add a way to authorize any query through context

Paul Chavard 2021-01-28 13:52:14 +01:00
parent f45d7f4efd
commit 0bd8721776
5 changed files with 29 additions and 24 deletions


@ -10,6 +10,32 @@ class API::V2::Context < GraphQL::Query::Context
end
end
def internal_use?
self[:internal_use]
end
def authorized_demarche?(demarche)
if internal_use?
return true
end
# We are caching authorization logic because it is called for each node
# of the requested graph and can be expensive. Context is reset per request so it is safe.
self[:authorized] ||= Hash.new do |hash, demarche_id|
# Compute the hash value dynamically when first requested
authorized_administrateur = demarche.administrateurs.find do |administrateur|
if self[:token]
administrateur.valid_api_token?(self[:token])
else
administrateur.id == self[:administrateur_id]
end
end
hash[demarche_id] = authorized_administrateur.present?
end
self[:authorized][demarche.id]
end
class HasFragment < GraphQL::Language::Visitor
def initialize(document, name)
super(document)
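Review bot: The default block passed to `Hash.new` in `authorized_demarche?` closes over the `demarche` argument of whichever call first creates `self[:authorized]`; because of `||=`, that same block (and that same `demarche`) is reused for every later cache miss in the request. A lookup for a different demarche therefore evaluates the first demarche's `administrateurs` and stores the result under the new id, so a caller authorized on the first demarche checked would be treated as authorized on every other one, and a denial would likewise carry over. Keeping the cache a plain hash and computing the value in the method body, as below, ties each entry to the demarche actually passed in. Separately, `internal_use?` skips the check entirely, so a comment stating that `:internal_use` must only be set by server-side callers and never derived from request input would be worth adding. The enclosing class starts outside the hunk.

```ruby
def authorized_demarche?(demarche)
  # … unchanged: internal_use? early return …
  cache = (self[:authorized] ||= {})
  return cache[demarche.id] if cache.key?(demarche.id)

  cache[demarche.id] = demarche.administrateurs.any? do |administrateur|
    # … unchanged: token / administrateur_id comparison …
  end
end
```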


@ -1,25 +1,4 @@
module Types
class BaseObject < GraphQL::Schema::Object
def self.authorized_demarche?(demarche, context)
# We are caching authorization logic because it is called for each node
# of the requested graph and can be expensive. Context is reset per request so it is safe.
context[:authorized] ||= {}
if context[:authorized][demarche.id]
return true
end
administrateur = demarche.administrateurs.find do |administrateur|
if context[:token]
administrateur.valid_api_token?(context[:token])
else
administrateur.id == context[:administrateur_id]
end
end
if administrateur
context[:authorized][demarche.id] = true
true
end
end
end
end


@ -88,7 +88,7 @@ module Types
end
def self.authorized?(object, context)
authorized_demarche?(object, context)
context.authorized_demarche?(object)
end
end
end


@ -110,7 +110,7 @@ module Types
end
def self.authorized?(object, context)
authorized_demarche?(object.procedure, context)
context.authorized_demarche?(object.procedure)
end
end
end


@ -12,7 +12,7 @@ module Types
end
def self.authorized?(object, context)
authorized_demarche?(object.procedure, context)
context.authorized_demarche?(object.procedure)
end
end
end