taoufik07 / django-graphene-permissions Goto Github PK
View Code? Open in Web Editor NEWDGP - A DRF like permission system for django graphene
License: BSD 3-Clause "New" or "Revised" License
DGP - A DRF like permission system for django graphene
License: BSD 3-Clause "New" or "Revised" License
Hello! What's the difference to this repo https://github.com/redzej/graphene-permissions ?
This project is properly blocking access. However when using libraries that check status codes, a 200 looks like a success, when it really isn't.
Can this package work without relay.Node interfaces?
Checking for permissions happens in get_node func, but if used without relay, this func never gets called.
suppose i want only admin and retailer can access the api but, not any other user like Customer, doctor, etc
then how can i use these two permission at same time for single API?
i have tried this but failed
Ex:
@permissions_checker([IsAdmin, IsRetailer])
Is there any way to use more than one permission at a time, please reply.....
I couldn't figure it out how to use it to implement permissions per object. Can you provide some examples of queries and mutations based on permissions per object?
Like a simple project manager where where a manager can add user stories to a project and to sprints and the rest of the members only can see the user stories from the current sprint, and a user can be the manager of one project, and a member in another one
Hi,
I have a question for adding permission for SerializerMutation
, because some of my mutations are created from it.
# schema.py
from graphene_django.rest_framework.mutation import SerializerMutation
class CreateUpdateContract(SerializerMutation):
class Meta:
serializer_class = ContractsListSerializer
class Mutation(graphene.ObjectType):
create_contract = CreateUpdateContract.Field()
update_contract = CreateUpdateContract.Field()
Is there a way to add permission for this class? I tried to wrap @permissions_checker
for the SerializerMutation
in this way:
class SerializerMutationWithPermission(SerializerMutation):
class Meta:
abstract = True
@classmethod
@permissions_checker([IsAuthenticated, MyPermission])
def mutate_and_get_payload(cls, root, info, **input):
kwargs = cls.get_serializer_kwargs(root, info, **input)
serializer = cls._meta.serializer_class(**kwargs)
if serializer.is_valid():
return cls.perform_mutate(serializer, info)
else:
errors = ErrorType.from_errors(serializer.errors)
return cls(errors=errors)
class MyPermission(BasePermission):
@staticmethod
def has_permission(context):
return context.user.groups.filter(name = 'staff').exists() or context.user.is_superuser
But I encountered an error saying 'NoneType' object has no attribute 'context'
when I performed this mutation. Could you please advise? Thank you!
I am not sure if this is by design, but I was surprised when I realized has_object_permission
does not fire for a list of objects within another node. In order to overcome, I ended up introducing an authorization middleware such as:
from django_graphene_permissions import PermissionDenied, check_object_permissions
class AuthorizationMiddleware(object):
"""
Make sure to filter out objects where the info.context (e.g. the authenticated user)
does not have the authorization to query.
"""
def resolve(self, next, root, info, **args):
result = next(root, info, **args)
try:
if check_object_permissions(
info.return_type.graphene_type.permission_classes(),
info.context,
result.value,
):
return result
else:
raise PermissionDenied()
except AttributeError:
return result
This is heavily inspired by graphql-python/graphene#385 (comment) .
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.