Class: GraphQL::Authorization::Ability

Inherits:
Object
  • Object
Defined in:
lib/graphql/authorization/ability.rb

Instance Method Summary collapse

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability.



# File 'lib/graphql/authorization/ability.rb', line 2

# Builds the permission registry for +user+.
#
# The registry starts empty, so any type that is never passed to #permit is
# denied by #canExecute and #canAccess. The five built-in scalar types are
# registered first as executable with an empty :only list, then the #ability
# hook is called to register the application's own rules.
#
# @param user [Object] the principal the rules are evaluated for; stored and
#   handed to #ability unchanged
def initialize(user)
  @user = user
  @ability = {}

  # Default whitelist: built-in scalars.
  builtin_scalars = [
    GraphQL::STRING_TYPE,
    GraphQL::INT_TYPE,
    GraphQL::FLOAT_TYPE,
    GraphQL::ID_TYPE,
    GraphQL::BOOLEAN_TYPE
  ]
  builtin_scalars.each do |scalar|
    permit scalar, execute: true, only: []
  end

  # Hook for application rules; the base implementation raises.
  ability(user)
end

Instance Method Details

#ability(user) ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/graphql/authorization/ability.rb', line 72

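# Hook in which the application declares its permission rules.
#
# This base implementation always raises and is called from the constructor,
# so a class that does not override it cannot be instantiated. Note that
# NotImplementedError descends from ScriptError, not StandardError, so a bare
# `rescue` will not swallow it.
#
# @param user [Object] the principal passed to the constructor
# @raise [NotImplementedError] always, in this base implementation
def ability(user)
  # Message spelling corrected (was "must implmenet ability funciton").
  raise NotImplementedError, "must implement ability function"
end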

#allowed(type) ⇒ Object



# File 'lib/graphql/authorization/ability.rb', line 64

# Registers +type+ as executable through #permit.
#
# An object whose class is exactly GraphQL::UnionType is registered with no
# :only option. Every other type is registered with
# only: GraphQL::Authorization::All. The comparison is on the exact class, so
# a subclass of UnionType takes the second path.
#
# @param type [Object] the GraphQL type to open up
# @return [Object] whatever #permit returns
def allowed type
  grant = { execute: true }
  grant[:only] = GraphQL::Authorization::All unless type.instance_of?(GraphQL::UnionType)
  permit type, grant
end

#callSetArgs(object, *args) ⇒ Object

Calls a proc-like object with a number of arguments commensurate with its arity.



# File 'lib/graphql/authorization/ability.rb', line 37

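# Invokes a proc-like object, passing only as many arguments as it declares.
#
# Permission rules are evaluated through this helper, so it has to accept
# every kind of callable: Procs and Methods, which report #arity themselves,
# and plain objects that only define #call.
#
# @param object [#call] the callable to invoke
# @param args [Array] candidate arguments, in the order they should be passed
# @return [Object] whatever the callable returns
def callSetArgs(object,*args)
  # `object&.arity` only guarded against nil: a plain callable without #arity
  # raised NoMethodError before the fallback could run. Ask the object first,
  # then fall back to the arity of its #call method.
  arity = (object.arity if object.respond_to?(:arity)) || object.method(:call).arity

  if arity > 0
    # Fixed parameter count: pass exactly that many leading arguments.
    object.call(*args.first(arity))
  elsif arity.zero?
    object.call
  else
    # Negative arity means optional or splat parameters: pass everything.
    object.call(*args)
  end
end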

#canAccess(type, field, object = nil, args = {}) ⇒ Object

returns true if the user can access “field” on “type”



# File 'lib/graphql/authorization/ability.rb', line 57

# Reports whether the user may read +field+ on +type+.
#
# A type that was never registered yields false. For a registered type the
# rule stored under +field+ is looked up; a field with no rule yields nil, so
# unlisted fields are denied. A rule that responds to #call is evaluated via
# #callSetArgs with +object+ and +args+; any other rule is returned as-is.
# The result is therefore truthy/falsy rather than strictly true/false.
#
# @param type [Object] registry key, as passed to #permit
# @param field [Object] key into the type's access permissions
# @param object [Object, nil] value offered to a callable rule
# @param args [Hash] arguments offered to a callable rule
# @return [Object] false, nil, the stored rule, or the rule's result
def canAccess(type,field,object=nil,args={})
  entry = @ability[type]
  return false unless entry

  rule = entry.access_permission[field]
  if rule.respond_to?(:call)
    callSetArgs(rule, object, args)
  else
    rule
  end
end

#canExecute(type, args = {}) ⇒ Object

returns true if the user can execute queries of type, “type”



# File 'lib/graphql/authorization/ability.rb', line 49

# Reports whether the user may execute queries of +type+.
#
# A type that was never registered yields false. Otherwise the stored execute
# permission is returned as-is, unless it responds to #call, in which case it
# is evaluated via #callSetArgs with +args+. The result is truthy/falsy
# rather than strictly true/false.
#
# @param type [Object] registry key, as passed to #permit
# @param args [Hash] arguments offered to a callable rule
# @return [Object] false, the stored permission, or the rule's result
def canExecute(type,args={})
  entry = @ability[type]
  return false unless entry

  rule = entry.execute_permission
  rule.respond_to?(:call) ? callSetArgs(rule, args) : rule
end

#permit(type, options = {}) ⇒ Object

permits execution, all access by default

Raises:

  • (NameError)


# File 'lib/graphql/authorization/ability.rb', line 17

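# Registers the permission entry for +type+.
#
# When neither :only nor :except is given, AbilityType#access is not called
# and the entry keeps whatever access it was constructed with (the page
# summary describes this as all access; confirm against AbilityType).
#
# @param type [Object] GraphQL type used as the registry key; must respond to
#   #fields when :except is used
# @param options [Hash] :execute is stored as the execute permission;
#   :only is a whitelist handed to AbilityType#access unchanged;
#   :except is a blacklist subtracted from the type's field names
# @yield optional block evaluated in the context of the new AbilityType
# @return [GraphQL::Authorization::AbilityType] the stored entry
# @raise [NameError] if +type+ was already registered
# @raise [ArgumentError] if both :only and :except are supplied
def permit(type,options={},&block)
  raise NameError.new("duplicate ability definition") if @ability.key? type
  ability_object = GraphQL::Authorization::AbilityType.new(type,nil,{})
  if options.key?(:except) && options.key?(:only)
    raise ArgumentError.new("you cannot specify white list and black list")
  end
  if options[:except]
    # Field names are compared as symbols, so the blacklist is symbolized
    # too. A String entry would otherwise match nothing and the field it
    # names would silently stay accessible.
    denied = Array(options[:except]).map(&:to_sym)
    ability_object.access(type.fields.keys.map(&:to_sym) - denied)
  elsif options[:only]
    ability_object.access(options[:only])
  end
  ability_object.execute options[:execute]
  # The block is captured explicitly: a bare Proc.new inside a method no
  # longer picks up the method's block and raises ArgumentError on Ruby 3.0+.
  ability_object.instance_eval(&block) if block
  @ability[type] = ability_object
end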