explicit about different contexts

simon lehericey 2023-08-03 16:33:30 +02:00
parent f434c6a6ad
commit 24fd12ed70
2 changed files with 20 additions and 6 deletions


@ -12,15 +12,29 @@ class API::V2::BaseController < ApplicationController
@api_token.context
# web interface (/graphql) give current_administrateur
elsif current_administrateur.present?
graphql_web_interface_context
else
unauthenticated_request_context
end
end
private
def graphql_web_interface_context
{
administrateur_id: current_administrateur.id,
procedure_ids: current_administrateur.procedure_ids,
write_access: true
}
end
end
private
def unauthenticated_request_context
{
administrateur_id: nil,
procedure_ids: [],
write_access: false
}
end
def authenticate_from_token
@api_token = authenticate_with_http_token { |t, _o| APIToken.authenticate(t) }
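Review bot: `graphql_web_interface_context` grants `write_access: true` purely on the basis of `current_administrateur`, i.e. a browser session rather than a token, and nothing in this section documents what protects mutations on that path. Whether CSRF verification is active for this controller is not visible here, so it is worth confirming and recording next to the method, e.g. `# session (cookie) auth: write access here relies on CSRF verification staying enabled for /graphql`. A matching comment on `unauthenticated_request_context`, such as `# deny-all context: no administrateur, no procedures, read-only`, would make the fail-closed intent explicit. The page has lost its +/- markers (`private` appears twice) and the method containing the `elsif` starts outside the hunk, so the final visibility of the two helpers should be checked as well.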


@ -75,7 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
def compute_demarche_authorization(demarche)
# procedure_ids and token are passed from graphql controller
(self[:procedure_ids] || []).include?(demarche.id)
self[:procedure_ids].include?(demarche.id)
end
# This is a query AST visitor that we use to check
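Review bot: The unguarded `self[:procedure_ids].include?(demarche.id)` (apparently the new side; the +/- markers are lost on this page) makes the authorization check depend on every context builder supplying an Array under `:procedure_ids`. The two builders in the controller section do, but `@api_token.context` is not shown, and a context missing the key would now raise `NoMethodError` instead of denying. Either state the invariant where it is relied on, `# :procedure_ids is always set (Array) by the context builders in API::V2::BaseController`, or keep a deny-by-default form such as `Array(self[:procedure_ids]).include?(demarche.id)`.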