Here is my issue: I would like to be able to authorize some specific arguments in a mutation, and not only the mutation as a whole.
Let's say I have a mutation to update a User. Maybe the user itself could update its first_name, but only the admin could upgrade its role, and the manager could assign it in a specific team.
I would like to do something like this:
```ruby
class Mutations::UpdateUser < BaseMutation
  argument :user_id, ID, loads: Types::UserType, required: true
  argument :first_name, String, required: false # no specific authorization here
  argument :last_name, String, required: false # no specific authorization here
  argument :team_id, ID, loads: Types::Team, required: false, authorize: true
  argument :role, Types::RoleEnum, required: false, authorize: true

  def resolve(user:, **params)
    authorize! user, to: :update?
    user.update!(params)
    { user: user }
  end
end
```
And then, in my policy class, I could have something like this:
```ruby
class UserPolicy < ApplicationPolicy
  def team? = user.manager? || user.admin?
  def role? = user.admin?

  def update?
    # my mutation authorization logic
  end
end
```
For now, the only way to achieve this I found was to do all this argument-validation logic inside my resolver, but the implementation feels a bit lame.
For example:
Hi there @palkan! 👋
First of all, thanks for your amazing gem :)
Is there a better way to manage this?
Thanks a lot :)
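A plain-Ruby sketch of the resolver-side check described in the post above, added here as an example; it is not code from the issue or from Action Policy, and loads neither that gem nor graphql-ruby. `Actor`, `NotAuthorized`, `GUARDED_ARGUMENTS`, `authorize_arguments!`, `update_user` and the body of `update?` are assumptions made for illustration.

```ruby
# Hypothetical stand-ins for the current user and the policy error.
Actor = Struct.new(:id, :role) do
  def admin? = role == :admin
  def manager? = role == :manager
end

class NotAuthorized < StandardError; end

# Same shape as the policy in the post: one predicate per guarded argument.
class UserPolicy
  def initialize(actor, record)
    @actor = actor
    @record = record
  end

  # Assumed rule: admins, managers, or the user editing their own record.
  def update? = @actor.admin? || @actor.manager? || @actor.id == @record[:id]
  def team? = @actor.manager? || @actor.admin?
  def role? = @actor.admin?
end

# Guarded argument => policy rule. Arguments not listed only need update?.
GUARDED_ARGUMENTS = { team_id: :team?, role: :role? }.freeze

# Returns params unchanged when every supplied guarded argument passes;
# raises before anything is written otherwise. key? is used on purpose so
# that an explicit nil (clearing a team or role) is checked as well.
def authorize_arguments!(policy, params)
  raise NotAuthorized, "update?" unless policy.update?

  denied = GUARDED_ARGUMENTS.select do |arg, rule|
    params.key?(arg) && !policy.public_send(rule)
  end
  raise NotAuthorized, "arguments: #{denied.keys.join(', ')}" unless denied.empty?

  params
end

# Stand-in for the mutation's resolve: authorize first, then apply.
def update_user(actor, record, **params)
  record.merge(authorize_arguments!(UserPolicy.new(actor, record), params))
end

# Constructed sample record (not from the issue).
SAMPLE_USER = { id: 1, first_name: "Ann", role: :member, team_id: nil }.freeze
```

The whole request is rejected when any guarded argument fails, so a denied `role` change cannot ride along with an allowed `first_name` change.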