Verify there is a viewer on context

2025-04-25 19:43:51 +03:00 · 2019-03-01 12:40:54 -05:00 · 2019-03-01 12:40:54 -05:00 · ad2342a08b
commit ad2342a08b
parent 063cced585
1 changed files with 3 additions and 0 deletions
--- a/graphene_django/utils.py
+++ b/graphene_django/utils.py
@ -122,7 +122,10 @@ def auth_resolver(parent_resolver, permissions, raise_exception, root, info, **a
    :return: Resolved field. None if the viewer does not have permission to access the field.
    """
    # Get viewer from context
+    if not hasattr(info.context, 'user'):
+        raise PermissionDenied()
    user = info.context.user
+
    if has_permissions(user, permissions):
        if parent_resolver:
            # A resolver is provided in the class