-
Notifications
You must be signed in to change notification settings - Fork 425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it possible to add authorization system on Juniper #447
Comments
This is not currently possible, but definitely desired. The async migration will take precedence for now, but this would not be terribly hard to implement. We could even implement this in a relatively type-safe manner. Currently your best bet is something more manual, but actually not much more verbose than a built-in solution (apart from enum Permission {
ReadPost,
ReadOwnPost,
WritePost,
...
}
struct Context {
user: Option<User>,
}
impl Context {
fn authorize(&self, permissions: &'static [Permission]) -> Result<(), FieldError> {
// ...
}
}
#[juniper::object(Context = Context)]
impl Query {
fn post(context: &Context, id: u64) -> Result<Post, FieldError> {
context.authorize(&[Permission::ReadPost])?;
...
}
}
|
@theduke We really appreciate your alternative but we would like to have a compilation-time, type-safe permissions system with the following characteristics:
We started using Rust for this kind of usage and would like to use it to its full potential since we're not able to do something like this with other languages. As @AurelienFT mentioned it earlier, it would look like this: impl Query {
#[authorized_call("ADMIN")]
#[filter_result(readPermissions)]
fn user(
context: &Context,
id: Option<String>,
email: Option<String>,
username: Option<String>,
role: Option<String>,
) -> FieldResult<Option<User>> {
Ok(find_user(context, id, email, username, role))
}
} We really want to implement this in the Juniper crate, can we create a MR to do so? Thank you for your time! |
@EituKo What are you thinking |
@davidpdrsn |
Isn’t that pretty much what @theduke suggested? If you want things to be more type safe I guess you would have to make the return type something like |
@davidpdrsn
This justifies the use of a These are the macros (names are not definitive):
If either 1, 2 or 3 is not specified on a query, we throw a compilation error. |
Imo if there is a generic, non-Authorization-related, way Juniper can help you accomplish what you want, that would be a great addition to Juniper. However, building authorization on top of Juniper is a bit of an anti-pattern. See the GraphQL.org's page on best practices for authorization: https://graphql.org/learn/authorization/ In your example, the recommended practice would be for the |
Agreed! If Juniper doesn't have the proper hooks, please open an issue on the missing extension / integration point. |
Really would like a way to define directives with attributes |
Hello,
I have my GraphQL API with Juniper and I want to add permissions to call a graphql_object/to get his result/to get some fields of the result.
With Type-GraphQL we can do something like that :
In Rust with Juniper I'll like to know if there is a way to do it ? I didn't find anything about it so I think about a good syntax to make it easy to use. There is something similar to this in Juniper ? :
Thank you for your time
The text was updated successfully, but these errors were encountered: