v1.3.2

Ignore introspection query in Object Authorization (#40)

v1.3.1

Improve typespec for unauthorized message (#39)

v1.3.0

Support functions in query scope authorization args (#36)

v1.2.0

• Add support to Absinthe 1.6 (#34)

v1.1.0

• Improve documentation (#31)
• Allow customization of Object Authorization message (#32)
• Support Absinthe 1.5 (requires at least 1.5.4) (#30)

v1.0.2

Fix object authorization for named fragments (#29 )

v1.0.1

Fix object authorization for union type (#26)

v1.0.0

v1 Released

Rajska is now stable, since we are 3 months without bugs and breaking changes! 🎉

New features

• Rate limiter absinthe middleware

v0.9.0

Breaking Changes

Previous Authorization.has_user_access?/4 module callback:

@callback has_user_access?(
    current_user,
    scope :: module(),
    {field :: any(), field_value :: any()},
    rule :: any()
  ) :: boolean()

New Authorization.has_user_access?/3 callback:

@callback has_user_access?(current_user, scoped_struct, rule) :: boolean()

• Merge scope module and {field, field_value} arguments into a struct, since scope module must define a struct
• Pass entire objects from field and query scope authorization to new has_user_access?/3
• Rename scope_by, scope_object_by and scope_field_by metas to scope?, scope_object? and scope_field?
• Set default scope? value to true

v0.8.0

Breaking Changes

• context_field_authorized? and field_authorized? removed, field authorization now uses has_context_access? with rules

Enhancements

• Add custom credo rules

Field authorization middleware:

• Add meta :rule
• Use source struct and scope_by for scoping
• Unify all scope functions in Rajska (no more context_field_authorized)
• Implement scope_field_by option

Object authorization middleware:

• Implement scope_object_by option