/*
 * Webpack chunk 1715 from a Next.js build (webpackChunk_N_E / __NEXT_P).
 * It carries the documentation page registered under "/docs/plugins/authz":
 * the "AuthZ plugin" docs for Pothos GraphQL, rendered through a JSX runtime
 * (looks like compiled MDX — the component map is merged with `ah()` and
 * `props.components`).
 *
 * Security-relevant point made by the page text itself: registering the plugin
 * only attaches rules to the schema. The authorization checks run only when the
 * server (or the execute function) is set up to run them; the page's sample
 * does that with `wrapExecuteFn(execute, { rules })` from '@graphql-authz/core'.
 * Rule names used in `authz.rules` / `authz.compositeRules` are typed as
 * `keyof typeof rules` through the `AuthZRule` builder type parameter.
 *
 * NOTE(review): SOURCE shows this bundle hard-wrapped across five lines, with
 * breaks falling inside string literals; they are treated here as extraction
 * artifacts and the literals are written on one line.
 */
(self.webpackChunk_N_E = self.webpackChunk_N_E || []).push([
  [1715],
  {
    // Module 1798: pushes the route path and a lazy loader for module 1341
    // onto window.__NEXT_P.
    1798: function (module, exports, __webpack_require__) {
      (window.__NEXT_P = window.__NEXT_P || []).push([
        "/docs/plugins/authz",
        function () {
          return __webpack_require__(1341);
        },
      ]);
    },

    // Module 1341: the page itself (exports `default`, `__N_SSG`, `frontmatter`).
    1341: function (module, exports, __webpack_require__) {
      "use strict";
      __webpack_require__.r(exports);
      __webpack_require__.d(exports, {
        __N_SSG: function () {
          return isStaticPage;
        },
        frontmatter: function () {
          return frontmatter;
        },
      });

      const jsxRuntime = __webpack_require__(5250); // provides jsx, jsxs, Fragment
      const componentSource = __webpack_require__(7160); // provides ah(): component overrides
      const layoutModule = __webpack_require__(3210); // provides k: the wrapper component
      // Kept as `var`: the getter registered above then yields undefined rather
      // than throwing if it is read before this line runs.
      var isStaticPage = true;

      const frontmatter = {
        name: "Authz plugin",
        title: "Authz plugin for Pothos GraphQL",
        menu: "Plugins",
        description: "Authz plugin docs for Pothos",
      };
      const Layout = layoutModule.k;

      /**
       * Builds the page body.
       *
       * @param {object} props - Page props; `props.components` overrides the
       *   default tag-to-component mapping (applied last, after `ah()`).
       * @returns the element tree for the documentation content.
       */
      function MDXContent(props) {
        const tags = Object.assign(
          {
            h1: "h1",
            p: "p",
            a: "a",
            h2: "h2",
            h3: "h3",
            pre: "pre",
            code: "code",
            span: "span",
          },
          (0, componentSource.ah)(),
          props.components,
        );

        // Element factories. Single-child nodes go through jsx, array children
        // through jsxs, exactly as in the generated output.
        const heading = (tag, id, children) => (0, jsxRuntime.jsx)(tag, { id, children });
        const link = (href, children) => (0, jsxRuntime.jsx)(tags.a, { href, children });
        const paragraph = (children) =>
          Array.isArray(children)
            ? (0, jsxRuntime.jsxs)(tags.p, { children })
            : (0, jsxRuntime.jsx)(tags.p, { children });
        const token = (className, children) =>
          (0, jsxRuntime.jsx)(tags.span, { className, children });
        const tokenGroup = (className, children) =>
          (0, jsxRuntime.jsxs)(tags.span, { className, children });

        // highlight.js token classes used by the code samples.
        const kw = (text) => token("hljs-keyword", text);
        const str = (text) => token("hljs-string", text);
        const attr = (text) => token("hljs-attr", text);
        const cls = (text) => token("hljs-title class_", text);
        const fn = (text) => token("hljs-title function_", text);
        const prop = (text) => token("hljs-property", text);
        const arrowWithT = () =>
          tokenGroup("hljs-function", ["(", token("hljs-params", "t"), ") =>"]);

        const tsBlock = (children) =>
          (0, jsxRuntime.jsx)(tags.pre, {
            children: (0, jsxRuntime.jsxs)(tags.code, {
              className: "hljs language-typescript",
              children,
            }),
          });

        return (0, jsxRuntime.jsxs)(jsxRuntime.Fragment, {
          children: [
            heading(tags.h1, "authz-plugin", "AuthZ plugin"),
            "\n",
            paragraph([
              "This is a simple plugin for integrating with\n",
              link("https://github.com/AstrumU/graphql-authz", "GraphQL AuthZ"),
            ]),
            "\n",
            paragraph([
              "For more details on GraphQL AuthZ see the official\n",
              link("https://github.com/AstrumU/graphql-authz", "documentation here"),
            ]),
            "\n",
            heading(tags.h2, "usage", "Usage"),
            "\n",
            heading(tags.h3, "install", "Install"),
            "\n",
            (0, jsxRuntime.jsx)(tags.pre, {
              children: (0, jsxRuntime.jsx)(tags.code, {
                className: "hljs language-bash",
                children: "yarn add @pothos/plugin-authz\n",
              }),
            }),
            "\n",
            heading(tags.h3, "setup", "Setup"),
            "\n",
            // Sample: register the plugin; AuthZRule is typed as keyof typeof rules.
            tsBlock([
              kw("import"),
              " ",
              cls("AuthzPlugin"),
              " ",
              kw("from"),
              " ",
              str("'@pothos/plugin-authz'"),
              ";\n\n",
              kw("const"),
              " builder = ",
              kw("new"),
              " ",
              cls("SchemaBuilder"),
              "<{\n  ",
              cls("AuthZRule"),
              ": keyof ",
              kw("typeof"),
              " rules;\n}>({\n  ",
              attr("plugins"),
              ": [",
              cls("AuthzPlugin"),
              "],\n});\n",
            ]),
            "\n",
            // The enforcement caveat: rules are declared here, checked elsewhere.
            paragraph(
              "This plugin will add the rules to your schema, but you will still need to set up your server (or\nexecute function) to run the authorization checks. The implementation of this depends on how your\napp is set up.",
            ),
            "\n",
            paragraph("A simple example that just wraps the execute function might look like:"),
            "\n",
            // Sample: wrap graphql's execute so the rules are actually evaluated.
            tsBlock([
              kw("import"),
              " { execute } ",
              kw("from"),
              " ",
              str("'graphql'"),
              ";\n",
              kw("import"),
              " { wrapExecuteFn } ",
              kw("from"),
              " ",
              str("'@graphql-authz/core'"),
              ";\n",
              kw("import"),
              " rules ",
              kw("from"),
              " ",
              str("'./auth-rules'"),
              ";\n\n",
              kw("const"),
              " wrappedExecute = ",
              fn("wrapExecuteFn"),
              "(execute, { rules });\n",
            ]),
            "\n",
            heading(tags.h2, "defining-rules-for-fields", "Defining rules for fields"),
            "\n",
            // Sample: field-level rule list.
            tsBlock([
              "builder.",
              fn("queryType"),
              "({\n  ",
              attr("fields"),
              ": ",
              arrowWithT(),
              " ({\n    ",
              attr("users"),
              ": t.",
              fn("field"),
              "({\n      ",
              attr("type"),
              ": [",
              cls("User"),
              "],\n      ",
              attr("authz"),
              ": {\n        ",
              attr("rules"),
              ": [",
              str("'IsAuthenticated'"),
              "],\n      },\n      ",
              attr("resolve"),
              ": ",
              token("hljs-function", "() =>"),
              " users,\n    }),\n  }),\n});\n",
            ]),
            "\n",
            heading(tags.h2, "defining-rules-for-types", "Defining rules for types"),
            "\n",
            // Sample: type-level rule list.
            tsBlock([
              kw("const"),
              " ",
              cls("Post"),
              " = builder.",
              prop("objectRef"),
              "<",
              cls("IPost"),
              ">(",
              str("'Post'"),
              ");\n\n",
              cls("Post"),
              ".",
              fn("implement"),
              "({\n  ",
              attr("authz"),
              ": {\n    ",
              attr("rules"),
              ": [",
              str("'CanReadPost'"),
              "],\n  },\n  ",
              attr("fields"),
              ": ",
              arrowWithT(),
              " ({\n    ",
              attr("id"),
              ": t.",
              fn("exposeID"),
              "(",
              str("'id'"),
              "),\n  }),\n});\n",
            ]),
            "\n",
            heading(
              tags.h2,
              "defining-inline-composite-rules",
              "Defining inline composite rules",
            ),
            "\n",
            // Sample: inline composite rule (`or` of two named rules).
            tsBlock([
              kw("const"),
              " ",
              cls("Post"),
              " = builder.",
              prop("objectRef"),
              "<",
              cls("IPost"),
              ">(",
              str("'Post'"),
              ");\n\n",
              cls("Post"),
              ".",
              fn("implement"),
              "({\n  ",
              attr("authz"),
              ": {\n    ",
              attr("compositeRules"),
              ": [{ ",
              attr("or"),
              ": [",
              str("'CanReadPost'"),
              ", ",
              str("'IsAdmin'"),
              "] }],\n  },\n  ",
              attr("fields"),
              ": ",
              arrowWithT(),
              " ({\n    ",
              attr("id"),
              ": t.",
              fn("exposeID"),
              "(",
              str("'id'"),
              "),\n  }),\n});\n",
            ]),
            "\n",
            paragraph([
              "More details about composite rules are in the documentation of\n",
              link("https://github.com/AstrumU/graphql-authz#inline-composition-rules", "AuthZ"),
            ]),
          ],
        });
      }

      // Page component: wraps the content in the layout and passes the same
      // props to both; a missing or undefined argument becomes {}.
      exports.default = function (props = {}) {
        return (0, jsxRuntime.jsx)(
          Layout,
          Object.assign({}, props, { children: (0, jsxRuntime.jsx)(MDXContent, props) }),
        );
      };
    },
  },
  // Chunk runtime callback: hands the listed chunk ids and the module 1798
  // entry function to runtime.O, then stores the result of runtime.O() in _N_E.
  function (runtime) {
    runtime.O(0, [8430, 3210, 9774, 2888, 179], function () {
      return runtime((runtime.s = 1798));
    });
    _N_E = runtime.O();
  },
]);