ash-project/ash_graphql
1
0
Fork 0
mirror of https://github.com/ash-project/ash_graphql.git synced 2024-09-20 05:13:33 +12:00
Code Issues Projects Releases Packages Wiki Activity
ash_graphql/documentation/authorization.md
Zach Daniel 68306a7265 improvement: support ash_context key
2021-04-19 16:17:35 -04:00

1.4 KiB
Raw Permalink Blame History

Authorization and Context

AshGraphql uses two special keys in the absinthe context:

  • :actor - the current actor, to be used for authorization/preparations/changes
  • :ash_context - a map of arbitrary context to be passed into the changeset/query. Accessible via changeset.context and query.context

By default, authorize? in the api is set to true. To disable authorization for a given API in graphql, use:

graphql do
  authorize? false
end

If you are doing authorization, you'll need to provide an actor. To set the actor for authorization, you'll need to add an actor key to the absinthe context. Typically, you would have a plug that fetches the current user, and in that plug you could set the absinthe context. For example:

defmodule MyAppWeb.UserPlug do
  @behaviour Plug

  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _) do
    case build_context(conn) do
      {:ok, context} ->
        put_private(conn, :absinthe, %{context: context})

      _ ->
        conn
    end
  end

  defp build_context(conn) do
    with ["" <> token] <- get_req_header(conn, "authorization"),
         {:ok, user, _claims} <- MyApp.Guardian.resource_from_token(token) do
         # ash_context allows you to pass arbitrary data down into the changeset/query context
         # This can be accessed at `changeset.context` or `query.context`.
      {:ok, %{actor: user, ash_context: %{some: :data}}}
    end
  end
end