{"id":13879735,"url":"https://github.com/palkan/action_policy-graphql","last_synced_at":"2025-04-04T08:05:37.378Z","repository":{"id":54290650,"uuid":"187684362","full_name":"palkan/action_policy-graphql","owner":"palkan","description":"Action Policy integration for GraphQL","archived":false,"fork":false,"pushed_at":"2024-07-08T12:47:38.000Z","size":95,"stargazers_count":152,"open_issues_count":1,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-28T07:02:39.475Z","etag":null,"topics":["authorization","graphql","hacktoberfest","ruby"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/palkan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-20T17:23:04.000Z","updated_at":"2025-02-11T21:34:36.000Z","dependencies_parsed_at":"2023-12-22T15:48:34.325Z","dependency_job_id":"940ee1db-b70f-4570-bec5-9804b6d16b5a","html_url":"https://github.com/palkan/action_policy-graphql","commit_stats":{"total_commits":65,"total_committers":6,"mean_commits":"10.833333333333334","dds":"0.24615384615384617","last_synced_commit":"9338cefef3abbb7d3f04569e501c90be0bd3ba28"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy-graphql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy-graphql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy-graphql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy-graphql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/palkan","download_url":"https://codeload.github.com/palkan/action_policy-graphql/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247137371,"owners_count":20889860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","graphql","hacktoberfest","ruby"],"created_at":"2024-08-06T08:02:30.814Z","updated_at":"2025-04-04T08:05:37.351Z","avatar_url":"https://github.com/palkan.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"[![Gem Version](https://badge.fury.io/rb/action_policy-graphql.svg)](https://badge.fury.io/rb/action_policy-graphql)\n![Build](https://github.com/palkan/action_policy-graphql/workflows/Build/badge.svg)\n![JRuby Build](https://github.com/palkan/action_policy-graphql/workflows/JRuby%20Build/badge.svg)\n[![Documentation](https://img.shields.io/badge/docs-link-brightgreen.svg)](https://actionpolicy.evilmartians.io/#/graphql)\n\n# Action Policy GraphQL\n\n\u003cimg align=\"right\" height=\"150\" width=\"129\"\n title=\"Action Policy logo\" src=\"./assets/logo.svg\"\u003e\n\nThis gem provides an integration for using [Action Policy](https://github.com/palkan/action_policy) as an authorization framework for GraphQL applications (built with [`graphql` ruby gem](https://graphql-ruby.org)).\n\nThis integration includes the following features:\n\n- Fields \u0026 mutations authorization\n- List and connections scoping\n- [**Exposing permissions/authorization rules in the API**](https://evilmartians.com/chronicles/exposing-permissions-in-graphql-apis-with-action-policy).\n\nšŸ“‘ [Documentation](https://actionpolicy.evilmartians.io/#/graphql)\n\n\u003ca href=\"https://evilmartians.com/?utm_source=action_policy-graphql\"\u003e\n\u003cimg src=\"https://evilmartians.com/badges/sponsored-by-evil-martians.svg\" alt=\"Sponsored by Evil Martians\" width=\"236\" height=\"54\"\u003e\u003c/a\u003e\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem \"action_policy-graphql\"\n```\n\n## Usage\n\n**NOTE:** this is a quick overview of the functionality provided by the gem. For more information see the [documentation](https://actionpolicy.evilmartians.io/#/graphql).\n\nTo start using Action Policy in GraphQL-related code, you need to enhance your base classes with `ActionPolicy::GraphQL::Behaviour`:\n\n```ruby\n# For fields authorization, lists scoping and rules exposing\nclass Types::BaseObject \u003c GraphQL::Schema::Object\n include ActionPolicy::GraphQL::Behaviour\nend\n\n# For using authorization helpers in mutations\nclass Types::BaseMutation \u003c GraphQL::Schema::Mutation\n include ActionPolicy::GraphQL::Behaviour\nend\n\n# For using authorization helpers in resolvers\nclass Types::BaseResolver \u003c GraphQL::Schema::Resolver\n include ActionPolicy::GraphQL::Behaviour\nend\n```\n\n### `authorize: *`\n\nYou can add authorization to the fields by specifying the `authorize: *` option:\n\n```ruby\nfield :home, Home, null: false, authorize: true do\n argument :id, ID, required: true\nend\n\n# field resolver method\ndef home(id:)\n Home.find(id)\nend\n```\n\nThe code above is equal to:\n\n```ruby\nfield :home, Home, null: false do\n argument :id, ID, required: true\nend\n\ndef home(id:)\n Home.find(id).tap { |home| authorize! home, to: :show? }\nend\n```\n\nYou can customize the authorization options, e.g. `authorize: {to: :preview?, with: CustomPolicy}`.\n\nIf you don't want to raise an exception but return a null instead, you should set a `raise: false` option.\n\nNote: it does not make too much sense to use `authorize` in mutations since it's checking authorization rules after mutation is executed. Therefore `authorize` marked as deprecated when used in mutations and will raise error in future releases.\n\n### `authorized_scope: *`\n\nYou can add `authorized_scope: true` option to the field (list or _connection_ field) to\napply the corresponding policy rules to the data:\n\n```ruby\nclass CityType \u003c ::Common::Graphql::Type\n # It would automatically apply the relation scope from the EventPolicy to\n # the relation (city.events)\n field :events, EventType.connection_type, null: false, authorized_scope: true\n\n # you can specify the policy explicitly\n field :events, EventType.connection_type, null: false, authorized_scope: {with: CustomEventPolicy}\nend\n```\n\n**NOTE:** you cannot use `authorize: *` and `authorized_scope: *` at the same time but you can combine `preauthorize: *` or `authorize_field: *` with `authorized_scope: *`.\n\n### `preauthorize: *`\n\nIf you want to perform authorization before resolving the field value, you can use `preauthorize: *` option:\n\n```ruby\nfield :homes, [Home], null: false, preauthorize: {with: HomePolicy}\n\ndef homes\n Home.all\nend\n```\n\nThe code above is equal to:\n\n```ruby\nfield :homes, [Home], null: false\n\ndef homes\n authorize! \"homes\", to: :index?, with: HomePolicy\n Home.all\nend\n```\n\n**NOTE:** we pass the field's name as the `record` to the policy rule. We assume that preauthorization rules do not depend on\nthe record itself and pass the field's name for debugging purposes only.\n\nYou can customize the authorization options, e.g. `preauthorize: {to: :preview?, with: CustomPolicy}`.\n\n**NOTE:** unlike `authorize: *` you MUST specify the `with: SomePolicy` option.\nThe default authorization rule depends on the type of the field:\n\n- for lists we use `index?` (configured by `ActionPolicy::GraphQL.default_preauthorize_list_rule` parameter)\n- for _singleton_ fields we use `show?` (configured by `ActionPolicy::GraphQL.default_preauthorize_node_rule` parameter)\n\n### `authorize_field: *`\n\nIf you want to perform authorization before resolving the field value _on the base of the upper object_, you can use `authorize_field: *` option:\n\n```ruby\nfield :homes, Home, null: false, authorize_field: true\n\ndef homes\n Home.all\nend\n```\n\nThe code above is equal to:\n\n```ruby\nfield :homes, [Home], null: false\n\ndef homes\n authorize! object, to: :homes?\n Home.all\nend\n```\nBy default we use `#{underscored_field_name}?` authorization rule.\n\nYou can customize the authorization options, e.g. `authorize_field: {to: :preview?, with: CustomPolicy}`.\n\n### `expose_authorization_rules`\n\nYou can add permissions/authorization exposing fields to \"tell\" clients which actions could be performed against the object or not (and why).\n\nFor example:\n\n```ruby\nclass ProfileType \u003c ::Common::Graphql::Type\n # Adds can_edit, can_destroy fields with\n # AuthorizationResult type.\n\n # NOTE: prefix \"can_\" is used by default, no need to specify it explicitly\n expose_authorization_rules :edit?, :destroy?, prefix: \"can_\"\nend\n```\n\nThen the client could perform the following query:\n\n```gql\n{\n post(id: $id) {\n canEdit {\n # (bool) true|false; not null\n value\n # top-level decline message (\"Not authorized\" by default); null if value is true\n message\n # detailed information about the decline reasons; null if value is true\n reasons {\n details # JSON-encoded hash of the failure reasons (e.g., {\"event\" =\u003e [:seats_available?]})\n fullMessages # Array of human-readable reasons (e.g., [\"This event is sold out\"])\n }\n }\n\n canDestroy {\n # ...\n }\n }\n}\n```\n\nYou can specify a custom field name as well (only for a single rule):\n\n```ruby\nclass ProfileType \u003c ::Common::Graphql::Type\n # Adds can_create_post field.\n\n expose_authorization_rules :create?, with: PostPolicy, field_name: \"can_create_post\"\nend\n```\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/palkan/action_policy-graphql.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkan%2Faction_policy-graphql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpalkan%2Faction_policy-graphql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkan%2Faction_policy-graphql/lists"}