Module: Rails::GraphQL::Request::Authorizable

Included in:
Component::Field
Defined in:
lib/rails/graphql/request/steps/authorizable.rb

Overview

Helper methods for the authorize step of a request

Defined Under Namespace

Classes: Event

Instance Method Summary

Instance Method Details

#check_authorization! ⇒ Object

Check if the field is correctly authorized to be executed.

TODO: Implement reverse order of authorization.



# File 'lib/rails/graphql/request/steps/authorizable.rb', line 65

# Check if the field is correctly authorized to be executed.
#
# Returns immediately when the field is not authorizable. Otherwise an
# authorization event is offered, in this order, to the schema (along with
# the request's +:authorize+ events, if any), to this component, and to
# each owner from the field upwards until the schema or a missing owner is
# reached. The authorizer's own block, when present, runs last.
#
# Fails closed when no check ran: if none of those steps reports having
# run, +unauthorized!+ is called on the event. An UnauthorizedFieldError is
# passed to the request's rescue handler and to +exception_to_error+, and
# the component is invalidated for +:authorization+. No other exception
# class is rescued here.
#
# TODO: Implement reverse order of authorization
def check_authorization!
  # Nothing to enforce when the field reports it is not authorizable.
  return unless field.authorizable?
  # The last element of the authorizer is its block; what precedes it stays
  # in +args+ (used below as args[0] positional and args[1] keyword).
  *args, block = field.authorizer

  # The matching throw(:authorized) is not in this method.
  # NOTE(review): presumably the event throws it once access is granted,
  # which would skip every remaining check below - confirm in Event.
  catch(:authorized) do
    event = authorization_event
    # try(:[], ...) tolerates a request whose all_events is nil.
    schema_events = request.all_events.try(:[], :authorize)
    # authorize_using is always called; `|| executed` only preserves an
    # earlier truthy result.
    # NOTE(review): presumably truthy means "a handler ran" - confirm.
    executed = event.authorize_using(schema, args, schema_events)
    executed = event.authorize_using(self, args) || executed

    # Walk up the ownership chain, stopping at the schema (already handled
    # above) or at the first element without an owner. +field+ was already
    # dereferenced above, so the safe navigation here is only defensive.
    element = field&.owner
    while element && element != schema
      executed = event.authorize_using(element, args) || executed
      element = element.try(:owner)
    end

    # NOTE(review): +executed+ becomes true whatever the block does, so a
    # block that neither grants nor denies also skips the fail-closed check
    # below - confirm that this is the intended outcome.
    if block.present?
      block.call(event, *args[0], **args[1])
      executed = true
    end

    # Fail closed: a field that requires authorization but had no check run
    # is rejected rather than allowed through.
    event.unauthorized!(message: (+<<~MSG).squish) unless executed
      Authorization required but unable to be executed
    MSG
  end
rescue UnauthorizedFieldError => error
  # Only this error class is handled; anything else raised by an authorizer
  # propagates to the caller.
  request.rescue_with_handler(error)
  request.exception_to_error(error, self, stage: :authorization)
  invalidate!(:authorization)
end