This PR implements some basic absinthe middleware modules so that we can easily protect GraphQL resolvers in a declarative way.
These middleware are designed for easy use cases only.
For more complex checks, we can implement more focused authorisation checks in the resolvers themselves if that's needed.
List of middleware implemented in this PR:
RequireDaAdmin
RequireGroupAdmin
RequireDaAdminOrGroupAdmin
Also this PR is now hardcoding DistributeAid as the default group, with well-known id 0. This allows us to rename the group if necessary, but the toolbox will still know it is the default group. And users in that group with the admin role will be considered DistributeAid admins and they will have privileged access to user account management in this group and any other group in the system.
However, admin users in groups other than DistributeAid will have user account management permissions in those specific groups only.
Fixes #100
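The rule described above (admins of the default group, id 0, may manage any group; admins of other groups only their own) could be written as an Absinthe middleware along these lines. This is an added sketch, not the code from this PR: the `Example.` namespace, the shape of `context.current_user`, the `:memberships` list, the integer `:group_id` argument and the error string are all assumptions.

```elixir
defmodule Example.Middleware.RequireDaAdminOrGroupAdmin do
  @moduledoc """
  Illustration only. Assumes the Absinthe context carries `:current_user`
  with a `:memberships` list of `%{group_id: integer, role: atom}` maps and
  that the protected field takes an integer `:group_id` argument.

  Hypothetical schema usage, placed before the resolver:

      field :update_user, :user do
        arg :group_id, non_null(:integer)
        middleware Example.Middleware.RequireDaAdminOrGroupAdmin
        resolve &Example.Resolvers.update_user/3
      end
  """
  @behaviour Absinthe.Middleware

  # Well-known id of the default (DistributeAid) group, per the PR text.
  @default_group_id 0

  @impl true
  # An earlier middleware already produced a result or error: leave it alone.
  def call(%Absinthe.Resolution{state: :resolved} = resolution, _opts), do: resolution

  def call(%Absinthe.Resolution{context: context, arguments: args} = resolution, _opts) do
    # Fail closed: no user, no memberships or no matching admin role all
    # end in the same error, so the resolver never runs.
    with %{memberships: memberships} when is_list(memberships) <-
           Map.get(context, :current_user),
         true <- authorized?(memberships, Map.get(args, :group_id)) do
      resolution
    else
      _ -> Absinthe.Resolution.put_result(resolution, {:error, "unauthorized"})
    end
  end

  @doc "DA admins may act on any group; other admins only on the target group."
  def authorized?(memberships, target_group_id) do
    Enum.any?(memberships, fn
      %{group_id: @default_group_id, role: :admin} -> true
      # A missing (nil) target never authorises a plain group admin.
      %{group_id: ^target_group_id, role: :admin} -> not is_nil(target_group_id)
      _ -> false
    end)
  end
end
```

Keeping `authorized?/2` as a pure function lets the group-scoping rule be unit tested without building a full `Absinthe.Resolution`.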