Class: Rails::GraphQL::Request::Authorizable::Event

Inherits:

Event

• Object
• Event
• Rails::GraphQL::Request::Authorizable::Event

Defined in:

lib/rails/graphql/request/steps/authorizable.rb

Overview

Event used to perform an authorization step

Constant Summary

Constants inherited from Event

Event::TRIGGER_TYPES

Instance Attribute Summary

Attributes inherited from Event

#data, #event_name, #last_result, #object, #source

Instance Method Summary

• #authorize_using(object, send_args, events = nil) ⇒ Object

  Similar to trigger for object, but with an extra extension for instance methods defined on the given object.

• #authorized! ⇒ Object

  Simply authorize the operation.

• #same_source?(other) ⇒ Boolean

  Same behavior as the request event.

• #unauthorized!(message: nil) ⇒ Object

  Simply unauthorize the operation.

Methods inherited from Event

#call_next, #initialize, #parameter, #parameter?, #set_on, #stop, trigger, #trigger, #trigger_all, #trigger_object

Constructor Details

This class inherits a constructor from Rails::GraphQL::Event

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Rails::GraphQL::Event

Instance Method Details

#authorize_using(object, send_args, events = nil) ⇒ Object

Similar to trigger for object, but with an extra extension for instance methods defined on the given object

# File 'lib/rails/graphql/request/steps/authorizable.rb', line 17

def authorize_using(object, send_args, events = nil)
  @object = object

  cache = data[:request].nested_cache(:authorize, object) { [] }
  return false if cache.present? && cache.none?
  args, xargs = send_args

  # Authorize through instance method
  using_object = cache[0] ||= authorize_on_object(object)
  set_on(using_object) do |instance|
    instance.public_send(:authorize!, *args, **xargs)
  end if using_object

  # Authorize through events
  using_events = cache[1] ||= (events || object.all_events.try(:[], :authorize))
  using_events&.each { |block| block.call(self, *args, **xargs) }

  # Does any authorize process ran
  cache.any?
end

#authorized! ⇒ Object

Simply authorize the operation

# File 'lib/rails/graphql/request/steps/authorizable.rb', line 46

def authorized!(*)
  throw :authorized
end

#same_source?(other) ⇒ Boolean

Same behavior as the request event

Returns:

• (Boolean)

# File 'lib/rails/graphql/request/steps/authorizable.rb', line 11

def same_source?(other)
  super || (source.try(:kind) == :field && source.field == other)
end

#unauthorized!(message: nil) ⇒ Object

Simply unauthorize the operation

Raises:

• (UnauthorizedFieldError)

# File 'lib/rails/graphql/request/steps/authorizable.rb', line 39

def unauthorized!(*, message: nil, **)
  raise UnauthorizedFieldError, message || (+<<~MSG).squish
    Unauthorized access to "#{field.gql_name}" field.
  MSG
end