Authorize before fetching data #6
Comments
|
Are you talking about GraphQL integration (and here palkan/action_policy#81 as well)? |
|
Yes, I want to make authorization api using graphql and i have to make graphql controller available without authorization. And that make problems with other apis. I made user nullable in graphql context and after that everywhere in queries i have to check presence of current_user |
|
There is not short syntax for this right now (though we might consider adding this in the future releases). For now you can do the following: field :something, SomeType
def something
authorize! object, to: :rule?
object.something
end |
|
I see, thank you. I think for me it will be easier to make addition rest api for authorisation, than checking presence of current_user in every query. I think issue can be closed |
|
@alexander37137 Please, take a look at the proposed API: #10 (also solves the problem of combining scoping and authorization). |
|
Looks good to me |
Can i change authorize behavior to check policy before fetching data?
The text was updated successfully, but these errors were encountered: