Do not expect query authorization to be the first middlware when addi…

…ng object authorization
jungsoft · Nov 30, 2020 · a5bcb27 · a5bcb27
1 parent 6cd9331
commit a5bcb27
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/lib/schema.ex b/lib/schema.ex
@@ -17,8 +17,8 @@ defmodule Rajska.Schema do
     Field.t(),
     module()
   ) :: [Middleware.spec(), ...]
-  def add_query_authorization(middleware, %Field{name: query_name}, authorization) do
-    middleware
+  def add_query_authorization(middlewares, %Field{name: query_name}, authorization) do
+    middlewares
     |> Enum.find(&find_middleware/1)
     |> case do
       {{QueryAuthorization, :call}, config} ->
@@ -28,20 +28,26 @@ defmodule Rajska.Schema do
         raise "No permission specified for query #{query_name}"
     end
 
-    middleware
+    middlewares
   end
 
   def find_middleware({{QueryAuthorization, :call}, _config}), do: true
   def find_middleware({{Absinthe.Resolution, :call}, _config}), do: true
   def find_middleware({_middleware, _config}), do: false
 
   @spec add_object_authorization([Middleware.spec(), ...]) :: [Middleware.spec(), ...]
-  def add_object_authorization([{{QueryAuthorization, :call}, _} = query_authorization | middleware]) do
-    [query_authorization, ObjectAuthorization] ++ middleware
+  def add_object_authorization(middlewares) do
+    middlewares
+    |> Enum.reduce([], fn
+      {{QueryAuthorization, :call}, _config} = query_authorization, new_middlewares ->
+        [ObjectAuthorization, query_authorization] ++ new_middlewares
+
+      middleware, new_middlewares ->
+        [middleware | new_middlewares]
+    end)
+    |> Enum.reverse()
   end
 
-  def add_object_authorization(middleware), do: [ObjectAuthorization | middleware]
-
   @spec add_field_authorization(
     [Middleware.spec(), ...],
     Field.t(),