Class: GraphQL::Guard

Inherits:

Object

• Object
• GraphQL::Guard

Defined in:

lib/graphql/guard.rb,
lib/graphql/guard/version.rb

Constant Summary

ANY_FIELD_NAME =

:'*'

DEFAULT_NOT_AUTHORIZED =

->(type, field) { raise NotAuthorizedError.new("Not authorized to access: #{type}.#{field}") }

NotAuthorizedError =

Class.new(StandardError)

VERSION =

"1.3.0"

Instance Attribute Summary

• #not_authorized ⇒ Object readonly

  Returns the value of attribute not_authorized.

• #policy_object ⇒ Object readonly

  Returns the value of attribute policy_object.

Instance Method Summary

• #guard_proc(type, field) ⇒ Object
• #initialize(policy_object: nil, not_authorized: DEFAULT_NOT_AUTHORIZED) ⇒ Guard constructor

  A new instance of Guard.

• #instrument(type, field) ⇒ Object
• #use(schema_definition) ⇒ Object

Constructor Details

#initialize(policy_object: nil, not_authorized: DEFAULT_NOT_AUTHORIZED) ⇒ Guard

Returns a new instance of Guard.

# File 'lib/graphql/guard.rb', line 15

def initialize(policy_object: nil, not_authorized: DEFAULT_NOT_AUTHORIZED)
  @policy_object = policy_object
  @not_authorized = not_authorized
end

Instance Attribute Details

#not_authorized ⇒ Object (readonly)

Returns the value of attribute not_authorized.

# File 'lib/graphql/guard.rb', line 13

def not_authorized
  @not_authorized
end

#policy_object ⇒ Object (readonly)

Returns the value of attribute policy_object.

# File 'lib/graphql/guard.rb', line 13

def policy_object
  @policy_object
end

Instance Method Details

#guard_proc(type, field) ⇒ Object

# File 'lib/graphql/guard.rb', line 49

def guard_proc(type, field)
  inline_field_guard(field) ||
    policy_object_guard(type, field.name.to_sym) ||
    inline_type_guard(type) ||
    policy_object_guard(type, ANY_FIELD_NAME)
end

#instrument(type, field) ⇒ Object

# File 'lib/graphql/guard.rb', line 31

def instrument(type, field)
  guard_proc = guard_proc(type, field)
  return field unless guard_proc

  old_resolve_proc = field.resolve_proc
  new_resolve_proc = ->(object, arguments, context) do
    authorized = guard_proc.call(object, arguments, context)

    if authorized
      old_resolve_proc.call(object, arguments, context)
    else
      not_authorized.call(type, field.name.to_sym)
    end
  end

  field.redefine { resolve(new_resolve_proc) }
end

#use(schema_definition) ⇒ Object

# File 'lib/graphql/guard.rb', line 20

def use(schema_definition)
  schema_definition.instrument(:field, self)
  schema_definition.target.instance_eval do
    def default_filter
      GraphQL::Filter.new(except: default_mask).merge(only: ->(schema_member, ctx) {
        schema_member.metadata[:mask] ? schema_member.metadata[:mask].call(ctx) : true
      })
    end
  end
end