Last active
November 5, 2015 04:08
-
-
Save eyston/ace33b385f57aabc7807 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const hasRole = (role, next) => { | |
| return (obj, args, ctx) => { | |
| if (ctx.rootValue.user.hasRole(role)) { | |
| next(obj, args, ctx); | |
| } else { | |
| return null; | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const { query, variables } = request.params; // from the request | |
| const user = db.getUser(request.session.userId); // from your session -- pretend it has user id or something! | |
| graphql(schema, query, {user}, variables); // shove the user in the root value |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const UserType = new GraphQLObjectType({ | |
| name: 'User', | |
| fields: { | |
| email: { | |
| type: GraphQLString, | |
| resolve: (user, _, {rootValue}) => { | |
| // only the current user can see their email | |
| // can imagine this checking admin roles and stuff | |
| if (user.id === rootValue.user.id) { | |
| return user.email; | |
| } else { | |
| // maybe you can throw to add an error to the response! | |
| return null; | |
| } | |
| } | |
| }, | |
| socialSecurityNumber: { | |
| type: GraphQLString, | |
| resolve: hasRole('admin', user => user.socialSecurityNumber) | |
| } | |
| } | |
| }); |
@bostonou I can't stop:
https://www.youtube.com/watch?v=7lm3K8zVOdY
This was a talk from clojure/conj 2014 where a bank actually filters a datomic database to only include attributes a user can see. This means any query can be run safely as the only attribute values which can possibly be returned are authorized.
I have _zero_ idea if this is a good / bad idea, but definitely neato. And cognitect has included them in literature so maybe its a great idea, I dunno!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yah, I've been tracking the
om-nextstuff. GraphQL is different in that it in fact is spec to walk the whole tree. This is actually what I wanted to get at in the last comment -- only the leave values matter. Every complex value which gets returned is simply the collection of its leaves.With
om-nextthe parser can return complex values meaning you do not necessarily walk the leaves. In this case your parser/read for:projectwould want to make sure the value it returns has been pre-filtered to the current user.I haven't implemented a parser / done much with om-next but maybe the parser can be recursive? The Falcor router essentially does this. One route might handle
:projectand then defer to a different handler which handles:fileor something.