GraphQLite needs to know if a user is logged or not, and what rights it has. But this is specific of the framework you use.
To plug GraphQLite to your framework's security mechanism, you will have to provide two classes implementing:
Those two interfaces act as adapters between GraphQLite and your framework:
* Returns true if the "current" user is logged
public function isLogged(): bool;
* Returns an object representing the current logged user.
* Can return null if the user is not logged.
public function getUser(): ?object;
* Returns true if the "current" user has access to the right "$right"
* @param mixed $subject The scope this right applies on. $subject is typically an object or a FQCN. Set $subject to "null" if the right is global.
public function isAllowed(string $right, $subject = null): bool;
You need to write classes that implement these interfaces. Then, you must register those classes with GraphQLite.
It you are using the
SchemaFactory, you can register your classes using:
// Configure an authentication service (to resolve the @Logged annotations).
// Configure an authorization service (to resolve the @Right annotations).