-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorize before fetching data #6
Comments
Are you talking about GraphQL integration (and here palkan/action_policy#81 as well)? |
Yes, I want to make authorization api using graphql and i have to make graphql controller available without authorization. And that make problems with other apis. I made user nullable in graphql context and after that everywhere in queries i have to check presence of current_user |
There is not short syntax for this right now (though we might consider adding this in the future releases). For now you can do the following: field :something, SomeType
def something
authorize! object, to: :rule?
object.something
end |
I see, thank you. I think for me it will be easier to make addition rest api for authorisation, than checking presence of current_user in every query. I think issue can be closed |
@alexander37137 Please, take a look at the proposed API: #10 (also solves the problem of combining scoping and authorization). |
Looks good to me |
Can i change authorize behavior to check policy before fetching data?
The text was updated successfully, but these errors were encountered: