Created
December 15, 2019 10:17
def permission_middleware(next, root, info, **args):
    """Field-level authorization hook that runs for every resolved field.

    Returns ``None`` instead of the field value when the requesting user
    may not see it; otherwise hands over to the next resolver in the chain.

    Args:
        next: callable that continues evaluation of the field.
        root: model instance the field belongs to.
        info: resolve info for the field. Attributes include:
            - field_name
            - field_asts (info about the field)
            - return_type (of the field)
            - parent_type (object type the field belongs to)
            - schema
            - fragments
            - root_value
            - operation
            - variable_values
            - context (request)
            - path (all parent fields in an array)
        **args: arguments passed to the field.

    Security notes:
        - Only ``UserType`` and ``ProjectType`` are guarded. Fields on any
          other parent type fall through to ``next`` unchecked, so this is
          an allow-by-default filter.
        - Parent types are matched by their ``str()`` form, not by
          identity; any type that renders to the same string is treated
          the same way.
        - NOTE(review): confirm what ``info.context.user.id`` is for an
          unauthenticated request and how ``root.is_user`` treats it.
    """
    requester = info.context.user
    requested_field = info.field_name
    owner_type_name = str(info.parent_type)

    # Private user data: only the user themselves may read fields that are
    # not explicitly listed as public.
    if owner_type_name == str(UserType):
        is_other_user = root.id != requester.id
        if is_other_user and requested_field not in UserType.PUBLIC_FIELDS:
            # NOTE(review): the denial is silent. Nothing is logged here, so
            # repeated attempts to read private fields leave no audit trail
            # at this layer.
            return None

    # Project data: every field is hidden unless the project reports the
    # requester as one of its users.
    if owner_type_name == str(ProjectType):
        if not root.is_user(requester.id):
            # NOTE(review): silent denial, same as above.
            return None

    return next(root, info, **args)