claro.access
Read
protocol
Protocol for explicit read permission handling. This will, after resolution, decide whether the result should be kept or replaced.
members
can-read?
(can-read? resolvable env resolution-result)
Check whether the given resolvable is visible, based on the given environment value.
The result value can be either a boolean (with false
causing all resolvables to resolve to nil
) or an error value.
Resolve
protocol
Protocol for explicit resolution permission handling. This will, before resolution, decide whether the underlying resolvable should be run or not.
This is mainly useful for mutations.
members
can-resolve?
(can-resolve? resolvable env)
Check whether the given resolvable shall be resolved, based on the given environment value.
The result value can be a deferred containing either a boolean (with false
causing all resolvables to resolve to nil
) or an error value.
wrap-access
(wrap-access engine)
Wrap the given engine with both wrap-read-access and wrap-resolve-access.
wrap-read-access
(wrap-read-access engine)
Use the Read protocol to decide whether the result of a resolvable’s resolution should be returned or not.
(defrecord Wishlist [id]
data/Resolvable
...
access/Read
(can-read? [_{:keys [session]} {:keys [creator_id]}]
(= (:person-id session) creator_id)))
Basically, this middleware can be used after resolution to enforce read permissions based on the returned result.
wrap-resolve-access
(wrap-resolve-access engine)
Use the Resolve protocol to decide whether a batch of resolvables should be attempted to be resolved.
(defrecord AddToWishlist [id item-id]
data/Mutation
data/Resolvable
...
access/Resolve
(can-resolve? [_ {:keys [session]}]
(d/future
(let [{:keys [creator_id]} (fetch-wishlist! id)]
(= (:id session) creator_id))))))
Basically, this middleware can be used before resolution to enforce permissions and is able to perform queries to allow for better decision making.