explicit about different contexts
This commit is contained in:
parent
f434c6a6ad
commit
24fd12ed70
2 changed files with 20 additions and 6 deletions
|
@ -12,15 +12,29 @@ class API::V2::BaseController < ApplicationController
|
|||
@api_token.context
|
||||
# web interface (/graphql) give current_administrateur
|
||||
elsif current_administrateur.present?
|
||||
graphql_web_interface_context
|
||||
else
|
||||
unauthenticated_request_context
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def graphql_web_interface_context
|
||||
{
|
||||
administrateur_id: current_administrateur.id,
|
||||
procedure_ids: current_administrateur.procedure_ids,
|
||||
write_access: true
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
def unauthenticated_request_context
|
||||
{
|
||||
administrateur_id: nil,
|
||||
procedure_ids: [],
|
||||
write_access: false
|
||||
}
|
||||
end
|
||||
|
||||
def authenticate_from_token
|
||||
@api_token = authenticate_with_http_token { |t, _o| APIToken.authenticate(t) }
|
||||
|
|
|
@ -75,7 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
|
|||
|
||||
def compute_demarche_authorization(demarche)
|
||||
# procedure_ids and token are passed from graphql controller
|
||||
(self[:procedure_ids] || []).include?(demarche.id)
|
||||
self[:procedure_ids].include?(demarche.id)
|
||||
end
|
||||
|
||||
# This is a query AST visitor that we use to check
|
||||
|
|
Loading…
Reference in a new issue