-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorizer: Pass operation type in addition to context #1026
Labels
enhancement
New feature or request
Comments
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 2, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 5, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 5, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 5, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 7, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 7, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 7, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 7, 2021
mwoelk
added a commit
to mwoelk/nestjs-query
that referenced
this issue
Apr 8, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 9, 2021
Merged
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
doug-martin
pushed a commit
that referenced
this issue
Apr 13, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Right now a custom Authorizer can be defined by e.g. implementing Authorizer and passing the new class via a decorator.
In the implementation of the
authorize
function we are only passed the graphqlcontext
.The authorization applies the same to all operations (query/updateOne/updateMany/etc...).
Often we might have different authorization requirements for read/write operations.
E.g. a user might be allowed to read all other users but should only be allowed to update/delete his own user.
Have you read the Contributing Guidelines?
yes
Describe the solution you'd like
Authorizer Implementation
The authorizer should also receive information on the type of the method that should be authorized and in the best case some additional data that was passed by the user to also allow for fine grained authorization.
Example that would allow to update the
isArchived
field only on ToDos that are owned by the user:AuthorizerFilter
The
@AuthorizerFilter()
could be adapted to pass the name of the decorated function by default to the method argument of theauthorize
function (this could e.g. be overriden by a decorator argument). In a similar fashion, the@Args
of the decorated method should be passed to the data.Authorize decorator
With such an addition, the
@Authorize
decorator could also be used to authorize the create* methods by checking the input data and throwing an exception if the creation should be forbidden.This approach would also keep backwards-compatibility because a user doesn't need to use the method/data arguments in his custom Authorizer.
The text was updated successfully, but these errors were encountered: