The Absinthe book is thought provoking,
https://pragprog.com/book/wwgraphql/craft-graphql-apis-in-elixir-with-absinthe
and has helped me navigate the library.
I was wondering about a few things.
Putting Authorisation in Schema middleware is on the one hand convenient, e.g.
#schema
field :user_profiles, list_of :user_profile do
middleware Schema.Middleware.Authorise, :some_permission
(&UserProfileResolver.all/2) |> Utils.handle_errors |> resolve
end
on the other repetitive (because I have have so many useful âedgesâ to protect as well as ânodesâ), e.g.
# types
object :user do
field :id, non_null :positive_int
...
field :user_profile, :user_profile do
resolve &UserResolver.user_profile_association/3
end
...
end
Taking FBâs advice I will push my authorisation into business logic and away from the schema, where I have one source of truth, which seems sensible.
Perhaps it would be good to emphasise this trade-off more in the book?
The book does in fact show a way of pushing authentication context into the business logic & resolvers, e.g.
# schema
field :user_profiles, list_of :user_profile do
(fn a, b, %{context: context} -> UserProfileResolver.all a, b, context end)
|> Utils.handle_errors
|> resolve
end
It seems like a good, and potentially popular way to implement things.
Is there a neater way of doing this? I suspect there is, but I cannot figure it out.
It seems v verbose, but perhaps thatâs OK.
Here I found a nice way of treating partially errored results, which is really smart, especially when it comes to authorisation.
Is there anywhere I can find some good examples for this?
I suspect itâs the nature of the GraphQL beast that many edges / fields need such a Union type. Perhaps providing something like a âmaybeâ or âoptionâ type out of the box from the library would be helpfulâŠ