  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
module Gql::Concerns::HandlesAuthorization
  extend ActiveSupport::Concern

  included do
    #
    # Customizable methods
    #

    # Hook that runs before +authorize+ with the same arguments.
    # Its return value is ignored by +authorized?+; override it to add
    # extra handling (e.g. checks that raise on failure).
    def self.before_authorize(...)
      true
    end

    # Decides whether access to the object is granted.
    # Override it when the object needs custom authorization, e.g. a
    # Pundit policy check. The default is fail-open: it returns true for
    # every caller, so any object that needs restrictions must override it.
    def self.authorize(...)
      true
    end

    #
    # Internal methods
    #

    # Entry point called by GraphQL to authorize the various objects.
    # All positional arguments are forwarded unchanged to
    # +before_authorize+ and then +authorize+, whose result is returned.
    # NOTE: per the original note, this may be called with 2 or 3 params
    # and the context is the last one — confirm against the GraphQL caller.
    # A Pundit::NotAuthorizedError raised by either hook is mapped to
    # Exceptions::Forbidden so that GraphQL reports it as 'Forbidden'.
    def self.authorized?(*)
      begin
        before_authorize(*)
        authorize(*)
      rescue Pundit::NotAuthorizedError
        raise Exceptions::Forbidden, "Access forbidden by #{name}"
      end
    end
  end
end