Responses to the discussion on Github
in same problem i want access ctx.request.body
and ctx.response.body
in policy (request by graphql)
Maintainer
Hello, a policy is in reality a middleware that is apply to defined routes.
And wall just before the controller action.
A middleware is global to the stack, call every times and you can manage the ordre.
After that I just tried that
Path — config/policies/test.js
module.exports = async (ctx, next) => { console.log(ctx.body); await next(); console.log(ctx.body); };
Then I applied it to a find
route of my articles collection type and it works well… I’m able to access the data.
Author
Thanks @lauriejim for looking in to this.
What you said is probably true only for REST apis, not GraphQL.
After posting this question month ago, I have looked at the code here (+ 3 similar occurences) and found that policies for GraphQL resolvers are only applied before the resolver. For my use case (implementing specific authorization policies ) I had to patch strapi-plugin-graphql like this to run it after the call but it’s far from ideal and the whole resolvers-builder.js
file needs to be refactored to run resolver in the middle of the policy/middleware stack, not after it.
I think this is a bug and policies should behave similarly for REST and GraphQL invocations.
Maintainer
Ping @alexandrebodin about that point.
Author
@lauriejim,
another item you haven’t answered is sharing data between policies and middlewares.
If I try to set any variable on the context ctx.myVar= ‘something’ in middleware or policy, it’s undefined in the other. But sharing a variable between different middlewares works fine.
Basically middleware and policies are siloed and can’t share data.
Maintainer
You can use the ctx.state
object to do that.
It’s what we are using to share the authenticated user data across all the middleware stack.