From b1a75d1230078b823755a072df8f3b1ab1730938 Mon Sep 17 00:00:00 2001 From: Carlos Martinez Date: Thu, 26 Oct 2017 14:58:37 -0500 Subject: [PATCH] Update auth documentation --- docs/authorization.rst | 84 ++++++++++++++++++++++++++++++ graphene_django/auth/__init__.py | 11 ++++ graphene_django/tests/test_auth.py | 1 - 3 files changed, 95 insertions(+), 1 deletion(-) diff --git a/docs/authorization.rst b/docs/authorization.rst index 1e2ec81..04cb1e0 100644 --- a/docs/authorization.rst +++ b/docs/authorization.rst @@ -123,6 +123,90 @@ method to your ``DjangoObjectType``. return post return None +Require permissions +--------------------- + +If you want you can require Django permissions to access to *Nodes*, +*Mutations* and *Connections*. + +Node example: + +.. code:: python + from graphene_django.types import DjangoObjectType + from graphene_django.auth import node_require_permission + from .models import Reporter + + class ReporterType(DjangoObjectType): + + class Meta: + model = Reporter + interfaces = (Node, ) + + @classmethod + @node_require_permission(permissions=('can_view_report',, 'can_edit_foo', )) + def get_node(cls, info, id): + return super(ReporterType, cls).get_node(info, id) + +Mutation example: + +.. code:: python + from rest_framework import serializers + from graphene_django.types import DjangoObjectType + from graphene_django.auth import node_require_permission + from graphene_django.rest_framework.mutation import SerializerMutation + from .models import Reporter + + + class ReporterSerializer(serializers.ModelSerializer): + class Meta: + model = Reporter + fields = '__all__' + + + class MyMutation(SerializerMutation): + class Meta: + serializer_class = ReporterSerializer + + @classmethod + @mutation_require_permission(permissions=('can_view_foo', 'can_edit_foo', )) + def mutate_and_get_payload(cls, root, info, **input): + return super(MyMutation, cls).mutate_and_get_payload(root, info, **input) + +Connection example: + +.. code:: python + import graphene + from graphene_django.fields import DjangoConnectionField + from graphene_django.auth import connection_require_permission, node_require_permission + from graphene_django.types import DjangoObjectType + from .models import Reporter + + class ReporterType(DjangoObjectType): + + class Meta: + model = Reporter + interfaces = (Node, ) + + @classmethod + @node_require_permission(permissions=('can_view_report',, 'can_edit_foo', )) + def get_node(cls, info, id): + return super(ReporterType, cls).get_node(info, id) + + class MyAuthDjangoConnectionField(DjangoConnectionField): + + @classmethod + @connection_require_permission(permissions=('can_view_foo', )) + def connection_resolver(cls, resolver, connection, default_manager, max_limit, + enforce_first_or_last, root, info, **args): + return super(MyAuthDjangoConnectionField, cls).connection_resolver( + resolver, connection, default_manager, max_limit, + enforce_first_or_last, root, info, **args) + + class Query(graphene.ObjectType): + all_reporters = MyAuthDjangoConnectionField(ReporterType) + + + Adding login required --------------------- diff --git a/graphene_django/auth/__init__.py b/graphene_django/auth/__init__.py index e69de29..5cba383 100644 --- a/graphene_django/auth/__init__.py +++ b/graphene_django/auth/__init__.py @@ -0,0 +1,11 @@ +from .decorators import ( + node_require_permission, + mutation_require_permission, + connection_require_permission +) + +__all__ = [ + 'node_require_permission', + 'mutation_require_permission', + 'connection_require_permission' +] diff --git a/graphene_django/tests/test_auth.py b/graphene_django/tests/test_auth.py index e00438f..d10f26e 100644 --- a/graphene_django/tests/test_auth.py +++ b/graphene_django/tests/test_auth.py @@ -58,7 +58,6 @@ user_anonymous = MockUserContext(authenticated=False) user_with_permissions = MockUserContext(authenticated=True, perms=('can_view_foo', 'can_view_bar')) -# Mutations class MyFakeModel(models.Model): cool_name = models.CharField(max_length=50)