From c13bece4cdab3030cbad89abdd4c0db512031f6f Mon Sep 17 00:00:00 2001 From: Pl217 Date: Fri, 18 Jun 2021 14:24:44 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Document=20auth=20decorators=20u?= =?UTF-8?q?sage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/AUTH.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/AUTH.md diff --git a/docs/AUTH.md b/docs/AUTH.md new file mode 100644 index 00000000..23e9e283 --- /dev/null +++ b/docs/AUTH.md @@ -0,0 +1,27 @@ +# Authentication + +Authentication can be used as a guard on a field, query or mutation, restricting data access or actions for a specific group of users. + +Since the codebase uses TypeGraphQL, which relies heavily on decorators, authentication is also done using decorators. + +Authentication is done with use of `@Permission` decorator. This decorator takes function as an argument with permission object as a return value. + +For example: + +```lang=js +@Permission(async (resolverData) => ({ + or: [ + { + type: 'global', + permission: 'viewOperationMetadata', + }, + { + type: 'operation', + permission: 'canViewMetadata', + id: 11, + }, + ], +})) +``` + +In this example, `id` field is hardcoded for demo purposes, but `resolverData` can be used to obtain the actual value.