This gem allows you to use Action Policy as an authorization framework for Graphiti applications.
The following features are currently enabled:
- Authorization of
create
,update
anddestroy
actions - Resource scoping
Add this line to your application's Gemfile:
gem "action_policy-graphiti"
The integration is done via including a behaviour module into your Graphiti resources:
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
end
Authorization of actions is done via using corresponding class methods:
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
authorize_action :create
authorize_action :update
authorize_action :destroy
end
Or certain action shortcuts may be used (pay attention to explicit policies and actions):
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
authorize_create to: :manage_but_not_destroy?
authorize_update with: 'TestExplicitPolicy', to: :manage_but_not_destroy?
authorize_destroy
end
Note: current implementation requires you to use policy names (when specifying explicit policies) instead of classes since it is not guaranteed that policy classes are already loaded before the resource classes load.
Note: current implementation requires you to place authorize_
directives after before_save
and before_destroy
hooks (since it is adding authorization checks as hooks and we want them to be called after all the regular hooks were completed).
Scoping is done via adding the following class method call (you can specify the explicit policy using with
argument):
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
authorize_scope with: 'TestExplicitPolicy'
# or just plain authorize_scope
end
You can also use a handy shortcut (you can also use an explicit with
argument just as with other authorize_
class methods) to authorize create
, update
, destroy
methods and also apply scoping:
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
authorize_and_scope_all with: 'TestExplicitPolicy'
# or just plain authorize_and_scope_all if you want to deduce the policy class
end
Note: current implementation requires you to place authorize_scope
(and authorize_and_scope_all
too) call after the explicit base_scope
method (scoping is performed by base scope results modification).
You can also use authorization context building inside Graphiti resources (just like with Action Policy in controllers):
class TestResource < ApplicationResource
include ActionPolicy::Graphiti::Behaviour
authorize :parameter, through: :acquire_parameter
def acquire_parameter
# Your code goes here
end
end
Or in a base class:
class ApplicationResource < Graphiti::Resource
include ActionPolicy::Graphiti::Behaviour
authorize :parameter, through: :acquire_parameter
def acquire_parameter
# Your code goes here
end
end
And then in a corresponding policy:
class ApplicationPolicy < ActionPolicy::Base
authorize :parameter
end
Bug reports and pull requests are welcome on GitHub at https://github.com/shrimple-tech/action_policy-graphiti.
The gem is available as open source under the terms of the MIT License.