Authorization Policies allow you to restrict access to forms and pages in a flexible way. Each form and page can have multiple policies attached to it.
Each policy is parsed using Liquid, and the system checks them in order of their appearance in the
If the content of the policy evaluates to anything other than
true, the policy is considered violated and the system will not proceed with executing action (like submitting a form or rendering a page).
Apart from pulling data from GraphQL you also have access to a variable called
object (be careful not to override it).
Depending on where the Authorization Policy is called from, this object contains:
formobject in Form Configuration context
pageobject in page context
- Adding an Authorization Policy
- Associating an Authorization Policy with Form Configuration
- Associating an Authorization Policy with a Page
- Handling a Violated Authorization Policy