Comments (8)
@amreshprasad @alonsoenrique, here's one way to ensure all fields for a given ObjectType are restricted to authenticated users.
If you take a look at where DjangoObjectType is defined in the source code you see that DjangoObjectType inherits from ObjectType. One of the Meta attributes for ObjectType is default_resolver.
Just so you know, here's how Graphene defines its default resolver:
def attr_resolver(attname, default_value, root, info, **args):
    return getattr(root, attname, default_value)
Reading the decorator docs explains that login_required just checks that the current user is logged in (or authenticated).
Also, important to note: info.context is our Django request object.
Putting that all together we can define a custom resolver and apply it to our DjangoObjectType.
from graphene.relay import Node
from graphene_django import DjangoObjectType
from graphql_jwt.exceptions import PermissionDenied


def auth_resolver(attname, default_value, root, info, **args):
    # info.context is the Django request; resolve the attribute only for authenticated users
    if info.context.user.is_authenticated:
        return getattr(root, attname, default_value)
    raise PermissionDenied()


class UserNode(DjangoObjectType):
    class Meta:
        model = User  # the project's user model
        filter_fields = ['first_name', 'last_name', 'id', 'email']
        interfaces = (Node, )
        default_resolver = auth_resolver
As long as you set up django-graphql-jwt correctly, passing in a valid token will set the user object in info.context, and this method should work.
from django-graphql-jwt.
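Added example, not part of the original comment or of either project's code: a standard-library model of the default-resolver gate described above, showing that a field with its own `resolve_<name>` method never reaches `auth_resolver` and so needs its own check. `PermissionDenied`, `UserNode`, `resolve_field`, `make_info`, `anonymous_readable` and `ROW` are stand-ins constructed here; `resolve_field` is a simplified model of graphene's lookup order (explicit resolver first, default resolver otherwise).

```python
from types import SimpleNamespace


class PermissionDenied(Exception):
    """Stand-in for graphql_jwt.exceptions.PermissionDenied."""


def auth_resolver(attname, default_value, root, info, **args):
    # Same logic as the resolver in the comment above.
    if info.context.user.is_authenticated:
        return getattr(root, attname, default_value)
    raise PermissionDenied()


class UserNode:
    """Hypothetical stand-in for a type whose Meta.default_resolver is auth_resolver."""
    default_resolver = staticmethod(auth_resolver)

    @staticmethod
    def resolve_email(root, info, **args):
        # Explicit resolver without an auth check: the default is never consulted.
        return root.email


def resolve_field(node_type, name, root, info):
    """Simplified lookup: resolve_<name> wins, otherwise the default resolver."""
    explicit = getattr(node_type, f"resolve_{name}", None)
    if explicit is not None:
        return explicit(root, info)
    return node_type.default_resolver(name, None, root, info)


def make_info(authenticated):
    # info.context plays the role of the Django request object.
    user = SimpleNamespace(is_authenticated=authenticated)
    return SimpleNamespace(context=SimpleNamespace(user=user))


def anonymous_readable(node_type, fields, root):
    """Return the fields an unauthenticated request can still resolve."""
    exposed = []
    for name in fields:
        try:
            resolve_field(node_type, name, root, make_info(False))
            exposed.append(name)
        except PermissionDenied:
            pass
    return exposed


ROW = SimpleNamespace(first_name="Ada", email="ada@example.test")  # constructed sample
```

Running a check like `anonymous_readable` over a type's field list in a unit test catches fields that a later explicit resolver has silently taken out from behind the default gate.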
Hi @amreshprasad,
Good suggestion but I do not think it corresponds to this package. django-graphql-jwt provides a user authentication system using JWT but not a permission system for Graphene.
Django comes with one authentication system and should also be able to define permissions on resolvers.
from django-graphql-jwt.
@amreshprasad ask in https://stackoverflow.com/. I'm also interested.
from django-graphql-jwt.
@amreshprasad done: https://stackoverflow.com/questions/52523234/authentication-authorization-for-default-resolvers
from django-graphql-jwt.
@alonsoenrique Thanks.
from django-graphql-jwt.
@mongkok The fact that you added the enhancement label - does it mean that there is no way to achieve this currently other than by explicitly defining the resolvers?
from django-graphql-jwt.
One way to bundle your resolvers is to protect the Type by the parent:
import graphene
from graphql_jwt.decorators import login_required


class Container:
    # Simple attribute bag used as the resolved object
    def __init__(self, **kwargs):
        for k, v in kwargs.items():
            setattr(self, k, v)


class BType(graphene.ObjectType):
    a = graphene.String()
    b = graphene.String()


class AType(graphene.ObjectType):
    c = graphene.Field(BType)

    @login_required
    def resolve_c(self, info, **kwargs):
        return Container(a="a", b="b")


class Query(graphene.ObjectType):
    protected = graphene.Field(AType)
    unprotected = graphene.Field(BType)

    def resolve_protected(self, info, **kwargs):
        return Container()

    def resolve_unprotected(self, info, **kwargs):
        return Container(a="a", b="b")
The idea is to provide access to child resolvers only through their parents.
This will raise if the user is not authenticated: {protected { c {a b} }}
But this will work: {unprotected { a b } }
from django-graphql-jwt.
I think this is a good proposal:
graphql-python/graphene#846
I close the issue.
from django-graphql-jwt.