class GraphQL::Authorization::Ability
Public Class Methods
new(user)
# File lib/graphql/authorization/ability.rb, line 2
# Builds the rule table for +user+.
#
# The table starts empty, then the built-in scalar types are registered as
# executable with an empty :only list, and finally the subclass hook
# #ability is invoked so it can add its own rules. canExecute and canAccess
# return false for any type missing from the table, so whatever is not
# permitted here or in #ability stays denied.
def initialize(user)
  @user = user
  @ability = {}

  # Default whitelist: built-in scalars.
  builtin_scalars = [
    GraphQL::STRING_TYPE,
    GraphQL::INT_TYPE,
    GraphQL::FLOAT_TYPE,
    GraphQL::ID_TYPE,
    GraphQL::BOOLEAN_TYPE
  ]
  builtin_scalars.each do |scalar|
    permit scalar, execute: true, only: []
  end

  # Subclass-defined rules; the base implementation raises.
  ability(user)
end
Public Instance Methods
ability(user)
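# File lib/graphql/authorization/ability.rb, line 72
# Hook that concrete ability classes override to declare their rules
# (typically through #permit / #allowed) for +user+.
#
# The base implementation always raises. Because #initialize calls this
# hook, an Ability without an overridden #ability cannot be constructed.
# NotImplementedError descends from ScriptError, not StandardError, so a
# bare `rescue` will not swallow it.
#
# @param user the user object handed to the constructor
# @raise [NotImplementedError] always, in the base class
def ability(user)
  raise NotImplementedError, "must implement ability function"
end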
allowed(type)
# File lib/graphql/authorization/ability.rb, line 64
# Shorthand for registering +type+ as executable.
#
# Union types are registered with no :only key, so #permit never calls
# +access+ for them. Every other type is registered with
# only: GraphQL::Authorization::All.
# NOTE(review): All is presumably a sentinel meaning "every field" -
# confirm against AbilityType before relying on it.
def allowed(type)
  rule = { execute: true }
  rule[:only] = GraphQL::Authorization::All unless type.class == GraphQL::UnionType
  permit type, rule
end
callSetArgs(object,*args)
calls a proc-like object with a number of args commensurate with its arity
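# File lib/graphql/authorization/ability.rb, line 37
# Invokes a permission callable with only as many of +args+ as it declares.
#
# canAccess passes (object, args) and canExecute passes (args), so a rule
# can be written as a zero-, one- or two-parameter callable.
#
# @param object a Proc, Method, or any object that responds to #call
# @param args   candidate arguments, in the order they may be consumed
# @return whatever the callable returns
def callSetArgs(object, *args)
  # `object&.arity` guards only against nil: a plain object that implements
  # #call but not #arity raised NoMethodError before the fallback could run.
  # Ask first, then fall back to the arity of its #call method.
  arity = (object.arity if object.respond_to?(:arity)) || object.method(:call).arity

  if arity.positive?
    object.call(*args.first(arity))
  elsif arity.zero?
    object.call
  else
    # Negative arity: optional or splat parameters, so hand over everything.
    object.call(*args)
  end
end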
canAccess(type,field,object=nil,args={})
returns true if the user can access “field” on “type”
# File lib/graphql/authorization/ability.rb, line 57
# Decides whether +field+ on +type+ may be read.
#
# Fails closed for unknown types: a type that was never registered returns
# false. Otherwise the stored rule for the field is looked up; a callable
# rule is invoked through callSetArgs with (object, args), and any other
# rule value is returned as-is. The result is not coerced to a boolean, so
# callers see whatever the rule holds or returns.
# NOTE(review): a field with no stored rule presumably yields nil (falsy)
# if access_permission is a plain Hash - confirm in AbilityType.
def canAccess(type, field, object = nil, args = {})
  entry = @ability[type]
  return false unless entry

  rule = entry.access_permission[field]
  rule.respond_to?(:call) ? callSetArgs(rule, object, args) : rule
end
canExecute(type,args={})
returns true if the user can execute queries of type, “type”
# File lib/graphql/authorization/ability.rb, line 49
# Decides whether queries of +type+ may be executed.
#
# Fails closed for unknown types: a type that was never registered returns
# false. A callable execute rule is invoked through callSetArgs with (args);
# any other rule value is returned unchanged, without boolean coercion.
def canExecute(type, args = {})
  entry = @ability[type]
  return false unless entry

  rule = entry.execute_permission
  rule.respond_to?(:call) ? callSetArgs(rule, args) : rule
end
permit(type,options={})
permits execution, all access by default
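# File lib/graphql/authorization/ability.rb, line 17
# Registers the rule set for +type+ and returns the new AbilityType.
#
# Options:
#   :execute - value stored as the execute permission (nil when omitted)
#   :only    - whitelist of fields passed straight to AbilityType#access
#   :except  - blacklist; access is granted to every field of +type+ that
#              is not listed
# When neither :only nor :except is given, #access is not called at all.
# An optional block is instance_eval'd on the AbilityType, so +self+ inside
# the block is the rule object being built.
#
# @raise [NameError]     if +type+ already has a rule set
# @raise [ArgumentError] if both :only and :except are supplied
def permit(type, options = {}, &block)
  raise NameError, "duplicate ability definition" if @ability.key?(type)
  if options.key?(:except) && options.key?(:only)
    raise ArgumentError, "you cannot specify white list and black list"
  end

  ability_object = GraphQL::Authorization::AbilityType.new(type, nil, {})
  if options[:except]
    # Field names are compared as symbols. Normalise the blacklist as well,
    # otherwise string entries subtract nothing and the fields that were
    # meant to be excluded end up permitted.
    denied = Array(options[:except]).map(&:to_sym)
    ability_object.access(type.fields.keys.map(&:to_sym) - denied)
  elsif options[:only]
    ability_object.access(options[:only])
  end
  ability_object.execute options[:execute]

  # The block is captured explicitly: a bare Proc.new without a block raises
  # ArgumentError on Ruby 3.0+, which broke every permit call given a block.
  ability_object.instance_eval(&block) if block
  @ability[type] = ability_object
end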