=begin

This class was generated by the scaffold generator. It contains methods to handle authentication, authorization and access, using the User model. Default routes are created for each of these methods (use 'surikat list routes' or look inside config/routes.yml to see them). Example queries/mutations can be found in the comments for each method.

Generated at %{time}

To test these queries, run 'rspec -f d spec/aaa_spec.rb'

=end

class AAAQueries < Surikat::BaseQueries

=begin

Description: Authenticate a user. On successful authentication, Surikat will save the id of the user in the session, and then return the session key, which the frontend client must then carry to the next request. If the authentication was not successful, a nil value is returned.
Query Name: Authenticate

Input: { 'email' => String, 'password' => String }

OutputType: Boolean

Query Example: { Authenticate(email: 'a@b.c', password: 'abc') }

=end

def authenticate
  user = User.authenticate(arguments)
  return nil unless user

  session[:user_id] = user.id
  session[:logged_in_at] = Time.now

  true
end

=begin

Description: Log a user out. The user's session is destroyed.
Query Name: Logout

OutputType: Boolean (always true)

Query Example: { Logout }

=end

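def logout
  session.delete :user_id
  session.delete :logged_in_at
  # Also drop the impersonation state set by LoginAs, so that a later
  # BackFromLoginAs cannot restore the superadmin in a logged-out session.
  session.delete :superadmin_id
  true
end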

=begin

Description: Returns the current user. Normally there's little reason to call this; the assumption is that the frontend remembers who the current user is.
Query Name: CurrentUser

OutputType: User

Query Example:
{
  CurrentUser {
    id
    email
  }
}

=end

def current_user
  User.where(id: session[:user_id]).first
end

=begin

Description: Log in as another user. The route for this query should have a permitted_roles value of ['superadmin'] or something similar, so that only superadmins may log in as somebody else. The id of the current user is preserved in the session inside superadmin_id and is used by another query, BackFromLoginAs.
Query Name: LoginAs

OutputType: Boolean

Query Example: { LoginAs(user_id: 2) }

=end

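def login_as
  new_user = User.where(id: arguments['user_id']).first
  # Return false (the declared OutputType is Boolean) when the target user does not exist.
  return false unless new_user

  # Remember who is impersonating, so that BackFromLoginAs can switch back.
  current_user_id         = session[:user_id]
  session[:user_id]       = new_user.id
  session[:logged_in_at]  = Time.now
  session[:superadmin_id] = current_user_id
  true
end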

=begin

Description: After having logged in as someone else, the superadmin can switch back to their own account.
Query Name: BackFromLoginAs

OutputType: Boolean

Query Example: { BackFromLoginAs }

=end

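def back_from_login_as
  superadmin = User.where(id: session[:superadmin_id]).first
  # Return false (the declared OutputType is Boolean) when there is no impersonation to undo.
  return false unless superadmin

  session[:user_id]       = superadmin.id
  session[:superadmin_id] = nil
  true
end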

=begin

Just some demo queries used by the rspec tests. If you delete them, make sure to also delete the relevant tests in spec/aaa_spec.rb.

=end

def demo_one
  u = User.where(id: session[:user_id]).first
  "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]}."
end

def demo_two
  u = User.where(id: session[:user_id]).first
  "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
end

def demo_three
  u = User.where(id: session[:user_id]).first
  "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
end

end