class GraphQL::Authorization::Ability

Public Class Methods

new(user)
# File lib/graphql/authorization/ability.rb, line 2
# Builds the permission table for +user+.
#
# The table starts empty, the built-in GraphQL scalars are registered, and
# then #ability is invoked with the user to add further entries.
#
# @param user [Object] the principal the permissions are evaluated for
def initialize(user)
  @user = user
  @ability = {}

  # Built-in scalars are registered as executable; `only: []` lists no
  # accessible fields for them.
  builtin_scalars = [
    GraphQL::STRING_TYPE,
    GraphQL::INT_TYPE,
    GraphQL::FLOAT_TYPE,
    GraphQL::ID_TYPE,
    GraphQL::BOOLEAN_TYPE
  ]
  builtin_scalars.each { |scalar| permit scalar, execute: true, only: [] }

  # Anything not registered by this call stays absent from @ability, and
  # canAccess / canExecute return false for absent types.
  ability(user)
end

Public Instance Methods

ability(user)
# File lib/graphql/authorization/ability.rb, line 72
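# Declares the permissions for +user+; invoked from #initialize.
#
# This base implementation always raises, so constructing the class without
# overriding the method fails instead of yielding an object with only the
# default scalar permissions.
#
# NOTE: NotImplementedError descends from ScriptError, not StandardError, so
# a bare `rescue` does not catch it.
#
# @param user [Object] the principal passed to #initialize
# @raise [NotImplementedError] always, in this base implementation
def ability(user)
  raise NotImplementedError, "must implement ability function"
end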
allowed(type)
# File lib/graphql/authorization/ability.rb, line 64
# Registers +type+ as executable with the broadest access this class offers.
#
# Union types are permitted without an :only list; every other type is
# permitted with `only: GraphQL::Authorization::All`.
# NOTE(review): this is an unconditional grant with no per-user or per-field
# condition, so confirm each type passed here is meant to be fully readable.
#
# @param type [Object] the GraphQL type to open up
# @return [Object] whatever #permit returns
def allowed(type)
  options = { execute: true }
  options[:only] = GraphQL::Authorization::All unless type.class == GraphQL::UnionType
  permit type, options
end
callSetArgs(object,*args)

calls a proc-like object with args commensurate with its arity

# File lib/graphql/authorization/ability.rb, line 37
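# Invokes a callable with only as many of +args+ as its arity accepts.
#
# The arity comes from the object itself when it responds to +arity+ (Proc,
# Method), otherwise from its +call+ method. The previous `object&.arity`
# probe raised NoMethodError for any non-nil object without +arity+, so the
# fallback to `method(:call)` never ran for plain callable objects.
#
# @param object [#call] the permission callable
# @param args [Array] candidate arguments, in order
# @return [Object] whatever the callable returns
# @raise [NameError] when +object+ has no +call+ method (for example nil)
def callSetArgs(object, *args)
  arity = object.respond_to?(:arity) ? object.arity : object.method(:call).arity
  if arity > 0
    # Fixed arity: pass the leading arguments and drop the rest.
    object.call(*args.first(arity))
  elsif arity == 0
    object.call
  else
    # Negative arity means optional or splat parameters: forward everything.
    object.call(*args)
  end
end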
canAccess(type,field,object=nil,args={})

returns true if the user can access “field” on “type”

# File lib/graphql/authorization/ability.rb, line 57
# Looks up the access decision for +field+ on +type+.
#
# A type with no registered entry is denied (false). Otherwise the stored
# permission for the field is returned as-is, or, when it responds to
# +call+, it is invoked through callSetArgs with +object+ and +args+ and its
# result is returned.
# NOTE(review): the value is not coerced to a boolean, so callers should
# treat any falsy result, including nil, as a denial.
#
# @param type [Object] the GraphQL type being read
# @param field [Object] the field key used in the permission lookup
# @param object [Object, nil] the resolved object handed to a callable rule
# @param args [Hash] query arguments handed to a callable rule
# @return [Object] false, the stored permission, or the callable's result
def canAccess(type, field, object = nil, args = {})
  entry = @ability[type]
  return false unless entry

  rule = entry.access_permission[field]
  rule.respond_to?(:call) ? callSetArgs(rule, object, args) : rule
end
canExecute(type,args={})

returns true if the user can execute queries of type, “type”

# File lib/graphql/authorization/ability.rb, line 49
# Looks up whether queries of +type+ may be executed.
#
# A type with no registered entry is denied (false). Otherwise the stored
# execute permission is returned as-is, or, when it responds to +call+, it
# is invoked through callSetArgs with +args+ and its result is returned.
# NOTE(review): the value is not coerced to a boolean, so callers should
# treat any falsy result as a denial.
#
# @param type [Object] the GraphQL type being executed
# @param args [Hash] query arguments handed to a callable rule
# @return [Object] false, the stored permission, or the callable's result
def canExecute(type, args = {})
  entry = @ability[type]
  return false unless entry

  rule = entry.execute_permission
  rule.respond_to?(:call) ? callSetArgs(rule, args) : rule
end
permit(type,options={})

permits execution, all access by default

# File lib/graphql/authorization/ability.rb, line 17
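# Registers a permission entry for +type+.
#
# Options:
#   :execute - value handed to the entry's +execute+ (nil when omitted)
#   :only    - allow list of fields handed to the entry's +access+
#   :except  - deny list; the entry gets the type's fields minus these names
# :only and :except are mutually exclusive. When neither is given, +access+
# is not called here and the entry keeps whatever AbilityType sets up.
#
# A block, if given, is evaluated in the context of the new entry. It is
# taken as an explicit +&block+ because the argument-less `Proc.new` used
# before raises ArgumentError on Ruby 3.0 and later.
#
# @param type [Object] the GraphQL type; must respond to +fields+ for :except
# @param options [Hash] see above
# @return [GraphQL::Authorization::AbilityType] the stored entry
# @raise [NameError] when +type+ already has an entry
# @raise [ArgumentError] when both :only and :except are supplied
def permit(type, options = {}, &block)
  # A second definition is rejected rather than merged or overwritten.
  raise NameError.new("duplicate ability definition") if @ability.key? type
  if options.key?(:except) && options.key?(:only)
    raise ArgumentError.new("you cannot specify white list and black list")
  end

  ability_object = GraphQL::Authorization::AbilityType.new(type, nil, {})
  if options[:except]
    # Field names are compared as symbols, so the deny list is normalised the
    # same way; a String entry would otherwise subtract nothing and leave the
    # field readable. A name that matches no field on the type still removes
    # nothing and is not reported.
    denied = Array(options[:except]).map(&:to_sym)
    ability_object.access(type.fields.keys.map(&:to_sym) - denied)
  elsif options[:only]
    ability_object.access(options[:only])
  end
  ability_object.execute options[:execute]
  ability_object.instance_eval(&block) if block
  @ability[type] = ability_object
end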