-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatic ID resolver generators too tightly coupled to RAD Authorization #12
Comments
So, there is a do/wrap-resolve (it was there but undocumented) that can be used to transform the autogenerated resolvers. So, something like:
is possible. Is that sufficient, or should we consider something else? |
And yes, RAD's auth is definitely not meant to be there still (in db adapter)...should be deprecated at best. |
I'm currently working on generalizing RAD's authorization, and am building on a lot of what exists already (only minor changes so far). What's there is a great start in my opinion.
Yeah that's what I'm currently doing in my authorization work. You can put it right into the parser constructor next to the other pathom plugins. (defstate parser
:start
(pathom/new-parser config
[(attr/pathom-plugin all-attributes)
(form/pathom-plugin save/middleware delete/middleware)
(datomic/pathom-plugin (fn [_env] {:production (:main datomic-connections)}))
(blob/pathom-plugin bs/temporary-blob-store {:files bs/file-blob-store
:avatar-images bs/image-blob-store})]
auth/pathom-plugin
[
automatic-resolvers
form/resolvers
(blob/resolvers all-attributes)
index-explorer
,,,
(auth/generate-authorization-resolvers all-attributes)]))
I'll open a PR with it yanked. |
I'm working on RAD authorization for my project, and I've noticed that the built-in RAD Auth is depended upon by the Datomic/Cloud automatic ID resolver generators, namely here and here.
This is a bit unfortunate, because it "blesses" RAD's authorization implementation with no means to work around it.
I'm wondering if this is still necessary following the work done by @tylernisonoff in #10, which adds generic transform capability. It seems likely that RAD's
redact
routine could be moved out into a transform, and could then be opted into/out of at will by library users.I'm willing to make this change, but I want to make sure I'm not missing something obvious.
Thanks for taking a look.
The text was updated successfully, but these errors were encountered: