Comments (2)
Hi, @justgage. Thanks for opening the issue!
Yeah, that's a common problem. Since you don't have a `location` object on the top level query before executing the `resolve` lambda, `guard` can't be performed. That's why, in my opinion, in most of the cases gems like CanCanCan or Pundit are used explicitly in the controller actions with RESTful APIs.
You can try to extract the authorization logic something like:
```ruby
field :location, Types::LocationType do
  argument :id, !types.ID
  description 'Find a Location by ID'

  # Runs before resolve; a falsy result rejects the field.
  guard ->(_obj, args, context) do
    location = Location.find_by(id: args['id'])
    location && context[:current_ability].can?(:read, location)
  end

  # Loads the same record a second time.
  resolve ->(_obj, args, context) do
    Location.find_by(id: args['id'])
  end
end
```
But that produces 2 `Location.find_by` queries. You can also try to memoize the location somehow. For example, through the context:
```ruby
guard ->(_obj, args, context) do
  context[:location] = Location.find_by(id: args['id'])
  context[:location] && context[:current_ability].can?(:read, context[:location])
end

resolve ->(_obj, _args, context) do
  context[:location]
end
```
I personally wish graphql-ruby fully supports Plain Old Ruby Objects (PORO) for schema definition, so it's possible to memoize values with just `@instance` variables :)
Alternatively, as you suggested, simply inline the authorization logic to the `resolve` lambda.
Let me know what you think :)
from graphql-guard.
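An added example, not part of the original comment and not graphql-guard's own code: the guard-then-resolve memoization described above, modelled in plain Ruby so it runs without the gems. It goes one step further than the comment by caching per argument id instead of in a single `context[:location]` slot. `Location`, `Ability`, `load_location` and `run_field` are hypothetical stand-ins, and the rows are constructed sample data.

```ruby
# Plain-Ruby stand-ins (assumptions): no graphql-ruby, graphql-guard or CanCanCan.
class Location
  Record = Struct.new(:id, :owner_id)
  # Constructed sample rows.
  ROWS = { '1' => Record.new('1', 10), '2' => Record.new('2', 20) }.freeze

  class << self
    attr_accessor :lookups

    def find_by(id:)
      self.lookups += 1 # count simulated database hits
      ROWS[id]
    end
  end
  self.lookups = 0
end

# Stand-in for a CanCanCan-style ability: a user may read only locations they own.
Ability = Struct.new(:user_id) do
  def can?(action, location)
    action == :read && location.owner_id == user_id
  end
end

# Memoize per argument id in the request context, so each id gets its own
# cached record. A missing record (nil) is cached as well.
def load_location(args, context)
  cache = (context[:locations] ||= {})
  cache.fetch(args['id']) { cache[args['id']] = Location.find_by(id: args['id']) }
end

GUARD = lambda do |_obj, args, context|
  location = load_location(args, context)
  !location.nil? && context[:current_ability].can?(:read, location)
end

RESOLVE = ->(_obj, args, context) { load_location(args, context) }

# Hypothetical executor: guard first, resolve only when the guard passes.
def run_field(args, context)
  return :not_authorized unless GUARD.call(nil, args, context)

  RESOLVE.call(nil, args, context)
end
```

The context hash must be created fresh for every request, otherwise a record cached for one user's request could be served to another.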
I ended up keeping both the `guard` clauses to provide a blanket of safety and add inline resolve logic for API niceness. The next version of the library I think will support POROs for what it's worth. Thanks for your response!