feat(api_token): api v2 use new token

2022-11-30 10:14:23 +01:00 · 2022-11-30 10:14:23 +01:00 · 52c8fc7e8d
commit 52c8fc7e8d
parent a47a056ee8
4 changed files with 27 additions and 30 deletions
--- a/app/graphql/api/v2/context.rb
+++ b/app/graphql/api/v2/context.rb
@ -23,15 +23,11 @@ class API::V2::Context < GraphQL::Query::Context
    # We are caching authorization logic because it is called for each node
    # of the requested graph and can be expensive. Context is reset per request so it is safe.
    self[:authorized] ||= Hash.new do |hash, demarche_id|
-      # Compute the hash value dynamically when first requested
-      authorized_administrateur = demarche.administrateurs.find do |administrateur|
-        if self[:token]
-          administrateur.valid_api_token?(self[:token])
-        else
-          administrateur.id == self[:administrateur_id]
-        end
+      hash[demarche_id] = if self[:token]
+        APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
+      elsif self[:administrateur_id]
+        demarche.administrateurs.map(&:id).include?(self[:administrateur_id])
      end
-      hash[demarche_id] = authorized_administrateur.present?
    end

    self[:authorized][demarche.id]