Guard.authorize() multiple rules #44

smashboy · 2021-04-15T11:09:39Z

smashboy
Apr 15, 2021

Hello everyone! Is there anyway that I can pass multiple rules to Guard.authorize(), so my query/mutation resolvers will always depend on rules that are required by them.

For example right now if user has verified email he can manage all stuff, but in changeEmail mutation resolver I don't use Guard.authorize("manage", "all", resolver) , I use it like that Guard.authorize("update", "user", resolver).

It would be nice to have an ability pass multiple rules to Guard.authorize() like you can do with getAbility query resolver that comes from blitz recipe.

Answered by ntgussoni

Apr 15, 2021

Hi @smashboy "manage" and "all" are reserved words that match any resource and any ability.

Guard.authorize("update", "user", resolver) is how you should use it, and in the ability file you can either give the user the specific hability can("update", "user") or can("manage", "all") if that's the case.

If a user can("manage", "all") then Guard.authorize will always run the resolver.

I'm not sure if I understand your question correctly, but feel free to provide more examples if this isn't enough.

View full answer

ntgussoni · 2021-04-15T11:24:58Z

ntgussoni
Apr 15, 2021
Maintainer

Hi @smashboy "manage" and "all" are reserved words that match any resource and any ability.

Guard.authorize("update", "user", resolver) is how you should use it, and in the ability file you can either give the user the specific hability can("update", "user") or can("manage", "all") if that's the case.

If a user can("manage", "all") then Guard.authorize will always run the resolver.

I'm not sure if I understand your question correctly, but feel free to provide more examples if this isn't enough.

3 replies

smashboy Apr 15, 2021
Author

And what if my resolver works with different prisma models, so I need to pass multiple rules for different models to Guard.authorize? Fo example my mutation is updating user and is deleting tokens.

ntgussoni Apr 15, 2021
Maintainer

By default the initial setup provides the prisma type helper that grabs your prisma models just to make it easier to start, since it comes by default with blitz, but blitz-guard is prisma agnostic.

You can create your own Resources or Abilities, they don't necessarily have to map to any prisma model/action/
See an example here: https://ntgussoni.github.io/blitz-guard/docs/ability-file.

You could for instance do the following:

Guard.authorize("someaction", "foo", resolver)

And in the ability file grant permissions over that.
can("someaction", "foo")

You can find ways to make it more verbose,

// your mutation/query
`Guard.authorize("email", "users_and_groups", resolver)`

// ability file
...
if(condition)
   can("email", "users_and_groups");
...

smashboy Apr 15, 2021
Author

Yeah, custom abilities and resources thats probably what I need. Thakns for answering!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Guard.authorize() multiple rules #44

{{title}}

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Guard.authorize() multiple rules #44

smashboy Apr 15, 2021

Replies: 1 comment · 3 replies

ntgussoni Apr 15, 2021 Maintainer

smashboy Apr 15, 2021 Author

ntgussoni Apr 15, 2021 Maintainer

smashboy Apr 15, 2021 Author

smashboy
Apr 15, 2021

Replies: 1 comment 3 replies

ntgussoni
Apr 15, 2021
Maintainer

smashboy Apr 15, 2021
Author

ntgussoni Apr 15, 2021
Maintainer

smashboy Apr 15, 2021
Author