How would you authorize a subscription? #1528

Closed
jonathanphilippou opened this issue May 22, 2018 · 3 comments

jonathanphilippou commented May 22, 2018

How would you authorize in Rails? (Assuming you set context: current_user properly in app/channels/graphql_channel.rb) I'm trying to update users when a friend request has been received.

<-- Edit: Can scope help me? -- >

<-- Edit: It's similar to #1057 -->

So far it works. Only drawback: authorization. Currently, the client puts in a user_id to specify which user's content to subscribe to, but any user can pass in any other user's id. Instead, I want each subscription to subscribe using ctx[:current_user].id. But idk how to access the context. How would I do this? I tried adding a call(obj, args, ctx) or resolve method to my subscription, but it didn't work. Here's what I've got for reference:

A subscription for newly received friend requests:

```ruby
# app/graphql/subscriptions/friend_request_received.rb
class Subscriptions::FriendRequestReceived < GraphQL::Function
  type !Types::FriendRequestType
  argument :id, !types.ID
  description 'A friend request was received by the user.'
end
```

A job that triggers all subscribers:

```ruby
# app/jobs/create_friend_request_job.rb
class CreateFriendRequestJob < ApplicationJob
  queue_as :friend_requests

  def perform(friend_request)
    MySchema.subscriptions.trigger('friendRequestReceived', { id: friend_request.receiver.id }, friend_request)
  end
end
```

A method creates a job after_create:

```ruby
# app/models/friend_request.rb
class FriendRequest < ApplicationRecord
  after_create :update_subscribers

  # ...

  def update_subscribers
    CreateFriendRequestJob.new(self).enqueue
  end

  # ...
end
```

Let me know if anyone can help in any way! Also, does this make sense? I'm doing all of my work for the subscription OUTSIDE of the subscription file itself, which kind of feels weird. Is this the proper way to do things? Thanks!

Contributor

flyfy1 commented Jun 5, 2018

Hi @Conturbo, my recent PR just got merged: #1502

It's to support authorization. So I think it would be supported when the next release comes out, and @rmosolgo also added in the docs for it: a329ff3#diff-d206d5f8891deaca408fcccd141e6193R63

Owner

rmosolgo commented Jun 5, 2018

or, you can bundle master with gem "graphql", github: "rmosolgo/graphql-ruby" in your Gemfile. Please reopen this if it doesn't work for you, and 👏 again for @flyfy1's work on this topic!

@rmosolgo
Owner

Taking another look at this in #1930
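
The authorization gap raised in this issue, as an added example that is not part of the thread and does not use graphql-ruby's API: a plain-Ruby model of subscription topics showing the difference between keying a topic on a client-supplied `id` and keying it on the server-side `current_user`. All class, method and user names are hypothetical and the scenario data is constructed.

```ruby
# Added illustration: a plain-Ruby model of subscription topics, not graphql-ruby's API.
# All class and method names here are hypothetical.
User = Struct.new(:id, :name)

class SubscriptionRegistry
  def initialize
    @subscribers = Hash.new { |hash, topic| hash[topic] = [] }
  end

  # Before: the topic is built from a client-supplied argument, so any
  # authenticated user can name another user's id and receive their events.
  def subscribe_by_argument(event, args, context, inbox)
    @subscribers[[event, args.fetch(:id)]] << inbox
  end

  # After: the client sends no id; the topic comes only from the
  # server-side context set when the connection was authenticated.
  def subscribe_by_context(event, context, inbox)
    user = context[:current_user]
    raise ArgumentError, "unauthenticated subscription" if user.nil?
    @subscribers[[event, user.id]] << inbox
  end

  # The server triggers with the receiver's id, as the job in the issue does.
  def trigger(event, receiver_id, payload)
    @subscribers[[event, receiver_id]].each { |inbox| inbox << payload }
  end
end

# Constructed scenario: mallory tries to listen to alice's friend requests.
def run_scenario(mode)
  alice   = User.new(1, "alice")
  mallory = User.new(2, "mallory")
  registry = SubscriptionRegistry.new
  alice_inbox = []
  mallory_inbox = []
  if mode == :argument
    registry.subscribe_by_argument("friendRequestReceived", { id: alice.id }, { current_user: alice }, alice_inbox)
    registry.subscribe_by_argument("friendRequestReceived", { id: alice.id }, { current_user: mallory }, mallory_inbox)
  else
    registry.subscribe_by_context("friendRequestReceived", { current_user: alice }, alice_inbox)
    registry.subscribe_by_context("friendRequestReceived", { current_user: mallory }, mallory_inbox)
  end
  registry.trigger("friendRequestReceived", alice.id, "request for alice")
  { alice: alice_inbox, mallory: mallory_inbox }
end
```

`run_scenario(:argument)` delivers alice's event to both inboxes, while `run_scenario(:context)` delivers it only to alice.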
