Today I’m “celebrating” the anniversary of my life with GraphQL in production Rails apps—1 year full of trials and errors, misses and hits, wtf-s and successes.
As an open source addict, I especially loved working with GraphQL: it’s a rather young technology, and hence there is a lot of opportunities for contributions (at least, in Ruby world) and experiments.
And now I’m presenting the result of one such experiment—the
action_policy-graphql gem, which glues together GraphQL Ruby and Action Policy authorization library.
Wait, Action Policy, was ist das*?
* “what is it” in German (I’m listening to Rammstein while writing this post 🎸)
About the same time as I’ve started working with GraphQL, I’ve presented a new Ruby authorization library, Action Policy, to the world (at RailsConf 2018).
Action Policy has been extracted from multiple projects I’ve been working on in the last few years. It’s ideologically similar to Pundit (and initially was built on top of it) but provides a bunch of additional features out-of-the-box (and has a very different architecture inside).
One of these features is an ability to provide an additional context on why the authorization check failed—failure reasons tracking.
This feature has been a dark horse for a long time, we barely used it (mostly for debugging purposes) until we started working with GraphQL—that’s when the ugly duckling turned into a beautiful swan.