From 24fd12ed700e7878e5600e6e90f81afe3ec6d61c Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Thu, 3 Aug 2023 16:33:30 +0200
Subject: [PATCH] explicit about different contexts

---
 app/controllers/api/v2/base_controller.rb | 24 ++++++++++++++++++-----
 app/graphql/api/v2/context.rb | 2 +-
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/app/controllers/api/v2/base_controller.rb b/app/controllers/api/v2/base_controller.rb
index 8a8ff9509..f8a640482 100644
--- a/app/controllers/api/v2/base_controller.rb
+++ b/app/controllers/api/v2/base_controller.rb
@@ -12,16 +12,30 @@ class API::V2::BaseController < ApplicationController
 @api_token.context
 # web interface (/graphql) give current_administrateur
 elsif current_administrateur.present?
- {
- administrateur_id: current_administrateur.id,
- procedure_ids: current_administrateur.procedure_ids,
- write_access: true
- }
+ graphql_web_interface_context
+ else
+ unauthenticated_request_context
 end
 end
 
 private
 
+ def graphql_web_interface_context
+ {
+ administrateur_id: current_administrateur.id,
+ procedure_ids: current_administrateur.procedure_ids,
+ write_access: true
+ }
+ end
+
+ def unauthenticated_request_context
+ {
+ administrateur_id: nil,
+ procedure_ids: [],
+ write_access: false
+ }
+ end
+
 def authenticate_from_token
 @api_token = authenticate_with_http_token { |t, _o| APIToken.authenticate(t) }
 
diff --git a/app/graphql/api/v2/context.rb b/app/graphql/api/v2/context.rb
index 824c9cd30..e8496535a 100644
--- a/app/graphql/api/v2/context.rb
+++ b/app/graphql/api/v2/context.rb
@@ -75,7 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
 
 def compute_demarche_authorization(demarche)
 # procedure_ids and token are passed from graphql controller
- (self[:procedure_ids] || []).include?(demarche.id)
+ self[:procedure_ids].include?(demarche.id)
 end
 
 # This is a query AST visitor that we use to check
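Review bot: The new `else` branch turns an unauthenticated request from an implicit nil context into an explicit fail-closed hash, but nothing in the hunk records that the three context builders (the `@api_token.context` branch, `graphql_web_interface_context` and `unauthenticated_request_context`) must keep the same key set, and the second hunk in this patch starts relying on that. A short comment above `unauthenticated_request_context` would pin the contract: `# Fail-closed default for anonymous callers. Keys must match APIToken#context and graphql_web_interface_context: API::V2::Context reads :procedure_ids without a nil guard.` The `write_access: false` value is only meaningful if every mutation checks it; that enforcement is not visible here, so it is presumably done in the GraphQL layer and worth confirming. The enclosing context-building method begins above line 12, outside this hunk.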
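Review bot: Dropping the `|| []` fallback in `compute_demarche_authorization` means a context that lacks `:procedure_ids` now raises `NoMethodError` on `nil` instead of denying access, which is fail-closed in effect but surfaces as a 500 rather than an authorization failure; that is only acceptable if every context source sets the key, and `APIToken#context` is not part of this patch, so its key set cannot be confirmed here. The existing comment should state the invariant the change now depends on, e.g. `# :procedure_ids is always an Array: every context builder (APIToken#context, BaseController#graphql_web_interface_context, #unauthenticated_request_context) must set it — a missing key is a bug, not an anonymous caller.` If the Context class exposes `fetch`, `self.fetch(:procedure_ids)` would make that bug report a `KeyError` naming the key instead of a bare `NoMethodError`. The class `API::V2::Context` continues outside this hunk.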