What Happened
I have been working on an esports news submission web application for the last 2 months now (with a hearty break during December, so maybe closer to a month). Recently, I completed the article submission component. I mounted this component through a submit article page on the site. After getting the functionality running I wanted to make it so only users could submit an article. And, rather than having them write out the article to only be denied, I thought "why not let them know upfront you have to be logged in to submit an article?"
I started working through this process. My initial idea was to run a current user query within the component to get access to the current user's id. If this didn't return any data then I would know that the user was not logged in. After writing this up I could not find a way to encapsulate the submission Mutation within a user Query. After trying a few different methods everyone returned errors. Taking a step back I saw a solution.
The Solution
Taking that step back I saw a solution on the Next.js page that is used to mount the article submission component. By utilizing the <User> component, I could wrap the <Submit> component within the <User> component's returned data. For further clarity, here is the full <User> component:
import { Query } from "react-apollo";
import gql from "graphql-tag";
import PropTypes from "prop-types";
const CURRENT_USER_QUERY = gql`
query {
me {
id
email
name
permissions
}
}
`;
const User = props => (
<Query {...props} query={CURRENT_USER_QUERY}>
{payload => props.children(payload)}
</Query>
);
User.propTypes = {
children: PropTypes.func.isRequired
};
export default User;
export { CURRENT_USER_QUERY };
So, if we take that payload returned from the component we can pass this to the <Submit> component via a prop. Taking this approach we can change our submit.js page from
import React, { Component } from "react";
import Submit from "../components/Submit";
const submit = () => <Submit />;
export default submit;
To something that will gather data from the <User> component.
import React, { Component } from "react";
import { Query } from "react-apollo";
import Submit from "../components/Submit";
import User from "../components/User";
import Signin from "../components/Signin";
const submit = () => <User>{({ data }) => <Submit isLoggedIn={data} />}</User>;
export default submit;
The payload here is then passed to <Submit> within the isLoggedIn prop. Taking that prop, we can use some if/else statements to either render the submission form or render a login page, depending on what the current user status is.
render() {
if (this.props.isLoggedIn.me) {
return (
Submission form code here
)
} else {
login form, message, or redirect here
}
}
So, if isLoggedIn.me exists, then the user is logged in. The me part of this comes from the CURRENT_USER_QUERY. The query returns id, email, name, permission. We could use any one of these, including isLoggedIn.me.permission to make sure they are part of a group authorized to access this, but within the web application, any logged-in user is allowed to submit an article.
The Conclusion
This strategy could be utilized for any level of authorization. If this was an admin form I could take the returned data and look for the permission part of the object (this is defined in the query from <User> and stored in the database for each user). This particular time, I only look for any data at all. As long as that data exists, the user is logged in. This is another excellent lesson in always taking a step back in what we are doing. I spent longer on this then I should but it was because I tried so many different iterations of how I thought it was supposed to work, rather than taking a few minutes to review my thought process and take a different approach.
Thank you for reading. As always, feel free to leave any comments about the code, my thought process, what I could be doing better, or just saying hey.
Top comments (0)