=begin
This class was generated by the scaffold generator. It contains methods to handle authentication, authorization and access, using the User model. Default routes are created for each of these methods (use 'surikat list routes' or look inside config/routes.yml to see them). Example queries/mutations can be found in the comments for each method.

Generated at: %{time}

To test these queries, run 'rspec -f d spec/aaa_spec.rb'
=end
class AAAQueries < Surikat::BaseQueries
=begin
Description: Authenticate a user. On successful authentication, Surikat will save the id of the user in the session, and then return the session key, which the frontend client must then carry to the next request. If the authentication was not successful, a nil value is returned.
Query Name: Authenticate
Input: { 'email' => String, 'password' => String }
OutputType: Boolean
Query Example: { Authenticate(email: 'a@b.c', password: 'abc') }
=end
  def authenticate
    user = User.authenticate(arguments)
    return nil unless user

    session[:user_id] = user.id
    session[:logged_in_at] = Time.now
    true
  end
=begin
Description: Log a user out. The user's session is destroyed.
Query Name: Logout
OutputType: Boolean (always true)
Query Example: { Logout }
=end
  def logout
    # Only :user_id is removed; other session keys are left in place.
    session.delete :user_id
    true
  end
=begin
Description: Returns the current user. Normally there's little reason to call this; the assumption is that the frontend remembers who the current user is.
Query Name: CurrentUser
OutputType: User
Query Example: { CurrentUser { id email } }
=end
  def current_user
    User.where(id: session[:user_id]).first
  end
=begin
Description: Log in as another user. The route for this query should have a permitted_roles value of ['superadmin'] or something similar, so that only superadmins may log in as somebody else. The id of the current user is preserved in the session inside superadmin_id and is used by another query, BackFromLoginAs.
Query Name: LoginAs
OutputType: Boolean
Query Example: { LoginAs(user_id: 2) }
=end
  def login_as
    new_user = User.where(id: arguments['user_id']).first
    if new_user
      # Keep the caller's own id so back_from_login_as can restore it.
      current_user_id = session[:user_id]
      session[:user_id] = new_user.id
      session[:logged_in_at] = Time.now
      session[:superadmin_id] = current_user_id
    end
  end
=begin
Description: After having logged in as someone else, the superadmin can switch back to their own account.
Query Name: BackFromLoginAs
OutputType: Boolean
Query Example: { BackFromLoginAs }
=end
  def back_from_login_as
    superadmin = User.where(id: session[:superadmin_id]).first
    if superadmin
      # Restore the saved identity and clear the impersonation marker.
      session[:user_id] = superadmin.id
      session[:superadmin_id] = nil
    end
  end
=begin
Just some demo queries used by the rspec tests. If you delete them, make sure to also delete the relevant tests in spec/aaa_spec.rb.
=end
  def demo_one
    u = User.where(id: session[:user_id]).first
    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]}."
  end

  def demo_two
    u = User.where(id: session[:user_id]).first
    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
  end

  def demo_three
    u = User.where(id: session[:user_id]).first
    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
  end
end
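
The `logout` method above deletes only `:user_id`, so a `:superadmin_id` stored by `login_as` stays in the session. The following added example (not part of the generated scaffold or of Surikat) models the session as a plain Hash to show what `back_from_login_as` then does, next to a stricter logout that clears the key. `FakeUser`, `USERS`, `logout_strict` and `user_id_after` are hypothetical names, the user data is constructed, and whether BackFromLoginAs is reachable after a logout depends on the route's `permitted_roles`, which this page does not show.

```ruby
# Added example: the scaffold's session transitions modelled on a plain Hash.
# FakeUser, USERS and logout_strict are hypothetical; the data is constructed.
FakeUser = Struct.new(:id, :email)
USERS = { 1 => FakeUser.new(1, 'admin@example.test'),
          2 => FakeUser.new(2, 'user@example.test') }.freeze

# Same state changes as the page's login_as.
def login_as(session, user_id)
  new_user = USERS[user_id]
  return false unless new_user
  session[:superadmin_id] = session[:user_id]
  session[:user_id] = new_user.id
  session[:logged_in_at] = Time.now
  true
end

# Same state change as the page's logout: only :user_id is removed.
def logout(session)
  session.delete :user_id
  true
end

# Stricter variant: drop every identity-related key.
def logout_strict(session)
  %i[user_id superadmin_id logged_in_at].each { |k| session.delete k }
  true
end

# Same state changes as the page's back_from_login_as.
def back_from_login_as(session)
  superadmin = USERS[session[:superadmin_id]]
  return false unless superadmin
  session[:user_id] = superadmin.id
  session[:superadmin_id] = nil
  true
end

# Admin (id 1) impersonates user 2, logs out via the given method, then
# BackFromLoginAs is called on the same session. Returns the final :user_id.
def user_id_after(logout_method)
  session = { user_id: 1 }
  login_as(session, 2)
  send(logout_method, session)
  back_from_login_as(session)
  session[:user_id]
end
```

With the scaffold's `logout` the session ends up identified as user 1 again; with `logout_strict` it stays unauthenticated.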