1

I have query like this:

query {
  organizations {
    id
    name
    itemA {
      fieldA
      fieldB
    }
  }
}

returns

"data": {
  "organizations": [
    {
      "id": 123,
      "name": "first org",
      "itemA": {
        "fieldA": "some value A",
        "fieldB": "other value B"
      }
    },
    {
      "id": 321,
      "name": "other org",
      "itemA": {
        "fieldA": "other value A",
        "fieldB": "value B"
      }
    }
  ]
}

One user has access to multiple organizations, but with different access rights for each org.

I need to have organization.id when fieldA and fieldB are resolved to validate access.

I tried to use context.merge_scoped!(organization_id: org.id) in the resolver for a field that returns a single org. It looks like it does what I need: child fields received the correct value in context, but I'm not sure. There is no documentation for that method or for scoped_context in general.

Also, if scoped_context is what I need, how can I set it for a list of items?


UPD: sample query

query {
  organizations { # I need to pass each item of this list to the resolver of itemA
    someModel {
      otherModel {
        itemA # access depends on organization
      }
    }
  }
}

Andrii H

3 Answers

1

The feature was documented in a newer version: https://graphql-ruby.org/queries/executing_queries.html#scoped-context

Andrii H
0

I'm not 100% sure I got your problem, but I think what you need should be "transparent" to GQL.

You need two things to correctly list "items" for an organization: 1. which organization and 2. who is asking:

# type organization
def itemA
  object # this is 1, the organization, current node in the graph
    .get_fields_accessible_by(context[:who_is_asking]) # this is requirement 2
end

As you can see, there seems not to be a reason to manipulate context at all. (Unless I missed the point completely, so feel free to amend your question to clarify).

Greg
  • Access management is done per organization. Query may take data for multiple organizations. `itemA` may be deeper, not directly in the organization. Added sample query to question. – Andrii H Aug 11 '21 at 08:27
0

Could you try:

context[:organisation] = object #set this value in your organisation model

Access it in another model using current[:organisation]

Additionally, you can create a helper method, something like:

def current_organisation
  context[:current_organisation]
end

Thanks

Chetan Tete
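
Added example (not part of any post above, and not graphql-ruby's own code): a plain-Ruby model of the per-organization check from the question, comparing one shared context key written per list item with a value scoped to each item's path. `ScopedContext`, `RIGHTS`, `ORGS` and the two-phase resolution order are assumptions made for the illustration; in graphql-ruby itself the calls documented at the link in the first answer are `context.scoped_set!` and `context.scoped_merge!`.

```ruby
# Constructed data: the viewer may read itemA in org 321 but not in org 123.
RIGHTS = { 123 => [], 321 => [:read_item_a] }.freeze
ORGS = [
  { id: 123, item_a: { field_a: "some value A" } },
  { id: 321, item_a: { field_a: "other value A" } }
].freeze

# Hypothetical stand-in for a path-scoped context: a value is stored under the
# path where it was set and is visible only at that path and below it.
class ScopedContext
  def initialize
    @by_path = {}
  end

  def scoped_set(path, key, value)
    (@by_path[path] ||= {})[key] = value
  end

  # Search from the full path up through each shorter prefix.
  def lookup(path, key)
    path.length.downto(0) do |n|
      scope = @by_path[path.first(n)]
      return scope[key] if scope&.key?(key)
    end
    nil
  end
end

# The access check itemA's resolver needs: rights are per organization.
def authorized_field_a(org_id, item)
  RIGHTS.fetch(org_id, []).include?(:read_item_a) ? item[:field_a] : nil
end

# Assumption: nested fields resolve after every list item has been visited
# (as with batched or lazy loading), so one shared key keeps the last org id.
def resolve_with_shared_key
  shared = {}
  ORGS.each { |org| shared[:organization_id] = org[:id] }
  ORGS.map { |org| authorized_field_a(shared[:organization_id], org[:item_a]) }
end

def resolve_with_scoped_context
  ctx = ScopedContext.new
  ORGS.each_with_index { |org, i| ctx.scoped_set(["organizations", i], :organization_id, org[:id]) }
  ORGS.each_with_index.map do |org, i|
    path = ["organizations", i, "someModel", "otherModel", "itemA"]
    authorized_field_a(ctx.lookup(path, :organization_id), org[:item_a])
  end
end
```

With the shared key, org 123's `itemA` is checked against org 321's rights and returned; with the path-scoped value, each `itemA` is checked against its own organization.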