mirror of
https://github.com/ash-project/ash_graphql.git
synced 2024-09-20 13:24:14 +12:00
980 B
980 B
Authorization
By default, authorize?
in the api is set to true. To disable authorization for a given API in graphql, use:
graphql do
authorize? false
end
If you are doing authorization, you'll need to provide an actor
.
To set the actor
for authorization, you'll need to add an actor
key to the absinthe context. Typically, you would have a plug that fetches the current user, and in that plug you could set the absinthe context. For example:
defmodule MyAppWeb.UserPlug do
@behaviour Plug
import Plug.Conn
def init(opts), do: opts
def call(conn, _) do
case build_context(conn) do
{:ok, context} ->
put_private(conn, :absinthe, %{context: context})
_ ->
conn
end
end
defp build_context(conn) do
with ["" <> token] <- get_req_header(conn, "authorization"),
{:ok, user, _claims} <- MyApp.Guardian.resource_from_token(token) do
{:ok, %{actor: user}}
end
end
end