From a7bf4ce696875458a0fb9bf336d6824c0ffe79cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Pr=C3=A1?= Date: Sat, 31 Aug 2019 19:47:26 -0300 Subject: [PATCH] Update rajska functions to get context instead of resolution --- lib/middlewares/field_authorization.ex | 9 +++++---- lib/middlewares/object_authorization.ex | 6 +++--- lib/middlewares/object_scope_authorization.ex | 4 ++-- lib/middlewares/query_authorization.ex | 16 ++++++++-------- lib/middlewares/scope_authorization.ex | 8 ++++---- lib/rajska.ex | 10 ++++------ 6 files changed, 26 insertions(+), 27 deletions(-) diff --git a/lib/middlewares/field_authorization.ex b/lib/middlewares/field_authorization.ex index d49363a..fe374ba 100644 --- a/lib/middlewares/field_authorization.ex +++ b/lib/middlewares/field_authorization.ex @@ -35,6 +35,7 @@ defmodule Rajska.FieldAuthorization do scope_by = get_scope_by_field!(object, is_field_private?) resolution + |> Map.get(:context) |> authorized?(is_field_private?, scope_by, resolution.source) |> put_result(resolution, field) end @@ -52,12 +53,12 @@ defmodule Rajska.FieldAuthorization do end end - defp authorized?(_resolution, false, _scope_by, _source), do: true + defp authorized?(_context, false, _scope_by, _source), do: true - defp authorized?(resolution, true, scope_by, source) do - case Rajska.apply_auth_mod(resolution, :is_super_user?, [resolution]) do + defp authorized?(context, true, scope_by, source) do + case Rajska.apply_auth_mod(context, :is_super_user?, [context]) do true -> true - false -> Rajska.apply_auth_mod(resolution, :is_resolution_field_authorized?, [resolution, scope_by, source]) + false -> Rajska.apply_auth_mod(context, :is_context_field_authorized?, [context, scope_by, source]) end end diff --git a/lib/middlewares/object_authorization.ex b/lib/middlewares/object_authorization.ex index 6cce097..1d069db 100644 --- a/lib/middlewares/object_authorization.ex +++ b/lib/middlewares/object_authorization.ex 
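Review bot: The added `|> Map.get(:context)` step in lib/middlewares/field_authorization.ex returns `nil` when the key is missing, while the other middlewares in this patch read `resolution.context` or match `%{context: context}` in the function head. A `nil` context would presumably only surface later, in the catch-all `apply_auth_mod/3` clause, as "Rajska authorization module not found in Absinthe's context", which points away from the real cause. Starting the pipeline with `resolution.context` instead of `resolution |> Map.get(:context)` keeps the access assertive and consistent with the rest of the change. The enclosing function begins above the hunk.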
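Review bot: The switch from `:is_resolution_field_authorized?` to `:is_context_field_authorized?` in the second `authorized?/4` clause renames a function that is looked up by name on the application's authorization module, so an application that overrides the old name keeps compiling while its override is no longer called. The same applies to `:is_context_authorized?` and `:has_context_access?` in object_authorization.ex, object_scope_authorization.ex, query_authorization.ex, scope_authorization.ex and lib/rajska.ex. If these are overridable defaults (the hunks do not show a `defoverridable`), a custom access rule would silently be replaced by the default behaviour on upgrade. `is_super_user?` and `unauthorized_msg` keep their names but now receive the context instead of the resolution, so an override with a catch-all clause would quietly take its fallback branch. Consider failing compilation when the using module still defines one of the old names (for example a `@before_compile` check with `Module.defines?/2`) and marking the change as breaking in the changelog.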
@@ -90,14 +90,14 @@ defmodule Rajska.ObjectAuthorization do defp authorize_object(object, fields, resolution) do object |> Type.meta(:authorize) - |> is_authorized?(resolution, object) + |> is_authorized?(resolution.context, object) |> put_result(fields, resolution, object) end defp is_authorized?(nil, _, object), do: raise "No meta authorize defined for object #{inspect object.identifier}" - defp is_authorized?(permission, resolution, _object) do - Rajska.apply_auth_mod(resolution, :is_resolution_authorized?, [resolution, permission]) + defp is_authorized?(permission, context, _object) do + Rajska.apply_auth_mod(context, :is_context_authorized?, [context, permission]) end defp put_result(true, fields, resolution, _type), do: find_associations(fields, resolution) diff --git a/lib/middlewares/object_scope_authorization.ex b/lib/middlewares/object_scope_authorization.ex index c5291b2..f683b3c 100644 --- a/lib/middlewares/object_scope_authorization.ex +++ b/lib/middlewares/object_scope_authorization.ex @@ -129,12 +129,12 @@ defmodule Rajska.ObjectScopeAuthorization do defp is_authorized?({scoped_struct, field}, values, context, _object) do scoped_field_value = Map.get(values, field) - Rajska.apply_auth_mod(context, :has_resolution_access?, [context, scoped_struct, scoped_field_value]) + Rajska.apply_auth_mod(context, :has_context_access?, [context, scoped_struct, scoped_field_value]) end defp is_authorized?(scoped_struct, values, context, _object) do scoped_field_value = Map.get(values, :id) - Rajska.apply_auth_mod(context, :has_resolution_access?, [context, scoped_struct, scoped_field_value]) + Rajska.apply_auth_mod(context, :has_context_access?, [context, scoped_struct, scoped_field_value]) end defp error(%{source_location: location, schema_node: %{type: type}}) do diff --git a/lib/middlewares/query_authorization.ex b/lib/middlewares/query_authorization.ex index 98b431e..5ed9b1e 100644 --- a/lib/middlewares/query_authorization.ex 
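Review bot: Both `is_authorized?/4` clauses in lib/middlewares/object_scope_authorization.ex read the scope value with `Map.get(values, field)` or `Map.get(values, :id)`, so a result object that lacks the field hands `nil` to `has_context_access?`. Nothing in the hunk shows that case being denied, which leaves the decision to however the authorization module happens to treat `nil`. A comment above the clauses such as `# scoped_field_value is nil when the object lacks the scope field; has_context_access?/3 is expected to deny it` would pin the contract, and a test with a missing scope field would confirm it. The rest of the module is outside the hunk, so an earlier guard may already cover this.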
+++ b/lib/middlewares/query_authorization.ex @@ -40,17 +40,17 @@ defmodule Rajska.QueryAuthorization do @behaviour Absinthe.Middleware - def call(resolution, [{:permit, permission} | _scoped] = config) do - validate_permission!(resolution, permission) + def call(%{context: context} = resolution, [{:permit, permission} | _scoped] = config) do + validate_permission!(context, permission) - resolution - |> Rajska.apply_auth_mod(:is_resolution_authorized?, [resolution, permission]) + context + |> Rajska.apply_auth_mod(:is_context_authorized?, [context, permission]) |> update_result(resolution) |> QueryScopeAuthorization.call(config) end - defp validate_permission!(resolution, permitted_roles) do - valid_roles = Rajska.apply_auth_mod(resolution, :valid_roles) + defp validate_permission!(context, permitted_roles) do + valid_roles = Rajska.apply_auth_mod(context, :valid_roles) unless permission_valid?(valid_roles, permitted_roles) do raise """ @@ -70,7 +70,7 @@ defmodule Rajska.QueryAuthorization do defp update_result(true, resolution), do: resolution - defp update_result(false, resolution) do - Resolution.put_result(resolution, {:error, Rajska.apply_auth_mod(resolution, :unauthorized_msg, [resolution])}) + defp update_result(false, %{context: context} = resolution) do + Resolution.put_result(resolution, {:error, Rajska.apply_auth_mod(context, :unauthorized_msg, [context])}) end end diff --git a/lib/middlewares/scope_authorization.ex b/lib/middlewares/scope_authorization.ex index 8737517..d8a3507 100644 --- a/lib/middlewares/scope_authorization.ex +++ b/lib/middlewares/scope_authorization.ex 
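Review bot: `call/2` in lib/middlewares/query_authorization.ex follows `@behaviour Absinthe.Middleware` without an `@impl` marker, and the head is being rewritten here anyway. Adding `@impl true` on the line before `def call(%{context: context} = resolution, ...)` lets the compiler flag any drift between this middleware and the behaviour's callback. The `call/2` clauses of `Rajska.QueryScopeAuthorization` in scope_authorization.ex would benefit from the same marker, although the lines directly above them are not visible in that hunk.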
@@ -51,7 +51,7 @@ defmodule Rajska.QueryScopeAuthorization do def call(resolution, [_ | [scoped: false]]), do: resolution def call(resolution, [{:permit, permission} | scoped_config]) do - not_scoped_roles = Rajska.apply_auth_mod(resolution, :not_scoped_roles) + not_scoped_roles = Rajska.apply_auth_mod(resolution.context, :not_scoped_roles) case Enum.member?(not_scoped_roles, permission) do true -> resolution @@ -105,9 +105,9 @@ defmodule Rajska.QueryScopeAuthorization do raise "Error in query #{name}: no argument found in middleware Scope Authorization" end - def apply_scope_authorization(resolution, field_value, scoped_struct) do - resolution - |> Rajska.apply_auth_mod(:has_resolution_access?, [resolution, scoped_struct, field_value]) + def apply_scope_authorization(%{context: context} = resolution, field_value, scoped_struct) do + context + |> Rajska.apply_auth_mod(:has_context_access?, [context, scoped_struct, field_value]) |> update_result(resolution) end diff --git a/lib/rajska.ex b/lib/rajska.ex index 1e0dddf..dc7877a 100644 --- a/lib/rajska.ex +++ b/lib/rajska.ex @@ -54,8 +54,6 @@ defmodule Rajska do Since Scope Authorization middleware must be used with Query Authorization, it is automatically called when adding the former. """ - alias Absinthe.Resolution - alias Rajska.Authorization defmacro __using__(opts \\ []) do 
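Review bot: `apply_scope_authorization/3` in lib/middlewares/scope_authorization.ex is public and now requires its first argument to be a map carrying `:context`, yet nothing between the preceding `end` and the `def` documents that. If the function is only meant for Rajska's own middlewares, `@doc false` states that. Otherwise a short `@doc` should say that the first argument is the Absinthe resolution and that the access decision is made from `resolution.context` through `has_context_access?`. A caller passing anything without a `:context` key now gets a `FunctionClauseError`, which is worth mentioning in the doc as well.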
@@ -117,20 +115,20 @@ defmodule Rajska do |> is_super_role?() end - def is_resolution_authorized?(context, allowed_role) do + def is_context_authorized?(context, allowed_role) do context |> get_current_user() |> get_user_role() |> is_role_authorized?(allowed_role) end - def is_resolution_field_authorized?(context, scope_by, source) do + def is_context_field_authorized?(context, scope_by, source) do context |> get_current_user() |> is_field_authorized?(scope_by, source) end - def has_resolution_access?(context, scoped_struct, field_value) do + def has_context_access?(context, scoped_struct, field_value) do context |> get_current_user() |> has_user_access?(scoped_struct, field_value) @@ -176,7 +174,7 @@ defmodule Rajska do apply(authorization, fnc_name, args) end - def apply_auth_mod(context, _fnc_name, _args) do + def apply_auth_mod(_context, _fnc_name, _args) do raise "Rajska authorization module not found in Absinthe's context" end
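Review bot: The three renamed functions in lib/rajska.ex (`is_context_authorized?/2`, `is_context_field_authorized?/3`, `has_context_access?/3`) carry no comment or `@doc` between the preceding `end` and each `def`, so the new contract lives only in the names. A one-line comment above the first of them, for example `# context is the Absinthe context map (resolution.context), not the resolution itself`, would tell implementers of `get_current_user` what they receive. From the hunk these look like defaults generated by `use Rajska`, but the surrounding `quote` is not visible, so place the comment accordingly.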