class GraphQL::Authorization::Instrumentation

Public Class Methods

new(always_allow_execute: false) click to toggle source
# File lib/graphql/authorization/instrumentation.rb, line 5
def initialize(always_allow_execute: false)
  @always_allow_execute = always_allow_execute
end

Public Instance Methods

baseTypeOf(type) click to toggle source

returns the essential type of a potentially wrapped type (i.e., list or non-null)

# File lib/graphql/authorization/instrumentation.rb, line 10
def baseTypeOf(type)
  if type.class == GraphQL::NonNullType || type.class == GraphQL::ListType
    baseTypeOf(type.of_type)
  else
    type
  end
end
instrument(type, field) click to toggle source
# File lib/graphql/authorization/instrumentation.rb, line 22
def instrument(type, field)
  fieldType = baseTypeOf(field.type)
  old_resolve_proc = field.resolve_proc
  new_resolve_proc = lambda do |obj, args, ctx|
    unless ctx[:ability] == :root
      raise GraphQL::Authorization::Unauthorized, "not authorized to execute #{fieldType.name}" unless ctx[:ability].canExecute(fieldType, toSymKeys(args.to_h)) || @always_allow_execute
      raise GraphQL::Authorization::Unauthorized, "not authorized to access #{field.name} on #{type.name}" unless ctx[:ability].canAccess(type, field.name.to_sym, obj, toSymKeys(args.to_h))
    end
    old_resolve_proc.call(obj, args, ctx)
  end

  # Return a copy of `field`, with a new resolve proc
  field.redefine do
    resolve(new_resolve_proc)
  end
end
toSymKeys(hash) click to toggle source
# File lib/graphql/authorization/instrumentation.rb, line 18
def toSymKeys(hash)
  hash.map { |key, value| [key.to_sym, value] }.to_h
end