Adding an Authorization Policy

This guide will help you add an Authorization Policy.

Requirements

So that you can follow the steps in this tutorial, you should be familiar with the required directory structure for your codebase, and understand the concept of Authorization Policy. You will also need the GraphQL query current_user, created in a previous tutorial.

Steps

Adding an Authorization Policy is a two-step process:

Step 1: Create Authorization Policy file

To add an Authorization Policy, create a file in the app/authorization_policies/ directory, for example only_allowed_by_johns.liquid.

Step 2: Edit Authorization Policy file

You are allowed to use all Liquid features and GraphQL in your Authorization Policy.

Assuming you have previously prepared the GraphQL query current_user, an example of a policy file can look like this:


---
name: only_allowed_by_johns
---
{% graphql g = 'current_user' %}
{% if g.current_user.first_name == 'John' %}true{% endif %}

In this example, only users with the first name John will be allowed to perform action with this policy.

Next steps

Congratulations! You know how to add an Authorization Policy. Now you can learn about associating the Authorization Policy with a Form.

Questions?

We are always happy to help with any questions you may have.