Update authorization docs to Graphene 2.0

* Re-write some language in "Limiting Field Access" * Added code to "Queryset Filtering On Lists" section to handle queries that return nothing * fix code to Filtering ID-based node access to work based on question [here](https://stackoverflow.com/questions/51057784/django-graphene-with-relay-restricting-queries-access-based-on-id/51958088#51958088) * Rewrote Adding Login Requirements to be Django 2.0 compatible Fixed login requirements
2024-11-23 01:57:08 +03:00 · 2018-08-29 00:37:27 -07:00 · 2018-08-29 00:37:27 -07:00 · 84d82f82a9
commit 84d82f82a9
parent 9351626ad8
1 changed files with 27 additions and 11 deletions
--- a/docs/authorization.rst
+++ b/docs/authorization.rst
@ -20,7 +20,7 @@ Let's use a simple example model.
 Limiting Field Access
 ---------------------
-This is easy, simply use the ``only_fields`` meta attribute.
+To limit fields in a GraphQL query simply use the ``only_fields`` meta attribute.
 .. code:: python
@ -63,8 +63,12 @@ define a resolve method for that field and return the desired queryset.
    class Query(ObjectType):
        all_posts = DjangoFilterConnectionField(PostNode)
-        def resolve_all_posts(self, args, info):
+        def resolve_all_posts(self, info):
-            return Post.objects.filter(published=True)
+             post = Post.objects.filter(published=True)
             if post is not None:
                 return post
             else:
                 return None
 User-based Queryset Filtering
 -----------------------------
@ -95,7 +99,7 @@ schema is simple.
    result = schema.execute(query, context_value=request)
-Filtering ID-based node access
+Filtering ID-based Node Access
 ------------------------------
 In order to add authorization to id-based node access, we need to add a
@ -113,22 +117,23 @@ method to your ``DjangoObjectType``.
            interfaces = (relay.Node, )
        @classmethod
-        def get_node(cls, id, context, info):
+        def get_node(cls, id, info):
            try:
-                post = cls._meta.model.objects.get(id=id)
+                post = cls._meta.model.objects.get(id=id, owner__user = info.context.user)
            except cls._meta.model.DoesNotExist:
                return None
-            if post.published or context.user == post.owner:
+            if post.published or info.context.user == post.owner:
                return post
            return None
-Adding login required
+Adding Login Required
 ---------------------
-If you want to use the standard Django LoginRequiredMixin_ you can create your own view, which includes the ``LoginRequiredMixin`` and subclasses the ``GraphQLView``:
+To restrict users from accessing the GraphQL API page the standard Django LoginRequiredMixin_ can be used to create your own standard Django Class Based View, which includes the ``LoginRequiredMixin`` and subclasses the ``GraphQLView``.:
 .. code:: python
    #views.py
    from django.contrib.auth.mixins import LoginRequiredMixin
    from graphene_django.views import GraphQLView
@ -137,7 +142,9 @@ If you want to use the standard Django LoginRequiredMixin_ you can create your o
    class PrivateGraphQLView(LoginRequiredMixin, GraphQLView):
        pass
-After this, you can use the new ``PrivateGraphQLView`` in ``urls.py``:
+After this, you can use the new ``PrivateGraphQLView`` in the project's URL Configuration file ``url.py``:
 For Django 1.9 and below:
 .. code:: python
@ -146,4 +153,13 @@ After this, you can use the new ``PrivateGraphQLView`` in ``urls.py``:
      url(r'^graphql', PrivateGraphQLView.as_view(graphiql=True, schema=schema)),
    ]
 For Django 2.0 and above:
 .. code:: python
    urlpatterns = [
      # some other urls
      path('graphql', PrivateGraphQLView.as_view(graphiql=True, schema=schema)),
    ]
 .. _LoginRequiredMixin: https://docs.djangoproject.com/en/1.10/topics/auth/default/#the-loginrequired-mixin