Module: GraphQL::Authorization::Analyzer

Defined in:

lib/graphql/authorization.rb

Class Method Summary

• .call(memo, visit_type, irep_node) ⇒ Object
• .final_value(memo) ⇒ Object
• .initial_value(query) ⇒ Object

Class Method Details

.call(memo, visit_type, irep_node) ⇒ Object

# File 'lib/graphql/authorization.rb', line 33

def call(memo, visit_type, irep_node)
  if visit_type == :enter
    field = irep_node.definition
    if field
      schema = memo[:schema]
      ctx = memo[:context]
      next_field_accessible = schema.accessible?(field, ctx)
      if !next_field_accessible
        memo[:inaccessible_nodes] << irep_node
      else
        arg_accessible = true
        irep_node.arguments.argument_values.each do |name, arg_value|
          arg_accessible = schema.accessible?(arg_value.definition, ctx)
          if !arg_accessible
            memo[:inaccessible_nodes] << irep_node
            break
          end
        end
        if arg_accessible
          return_type = field.type.unwrap
          next_type_accessible = schema.accessible?(return_type, ctx)
          if !next_type_accessible
            memo[:inaccessible_nodes] << irep_node
          end
        end
      end
    end
  end
  memo
end

.final_value(memo) ⇒ Object

# File 'lib/graphql/authorization.rb', line 64

def final_value(memo)
  nodes = memo[:inaccessible_nodes]
  if nodes.any?
    fields = nodes.map do |node|
      field_inst = node.definition
      # Get the "source of truth" for this field
      field_inst.metadata[:type_class] || field_inst
    end
    context = memo[:context]
    err = InaccessibleFieldsError.new(fields: fields, irep_nodes: nodes, context: context)
    context.schema.inaccessible_fields(err)
  else
    nil
  end
end

.initial_value(query) ⇒ Object

# File 'lib/graphql/authorization.rb', line 25

def initial_value(query)
  {
    schema: query.schema,
    context: query.context,
    inaccessible_nodes: [],
  }
end