document auth pattern: return None with resolve method (#1106)

* document auth pattern: return None with resolve method * (doc, auth): also show that one can raise an exception in a resolve method
2024-11-10 19:57:15 +03:00 · 2021-02-02 09:58:21 -08:00 · 2021-02-02 09:58:21 -08:00 · d9ab8acf26
commit d9ab8acf26
parent 5dea6ffa41
1 changed files with 25 additions and 0 deletions
--- a/docs/authorization.rst
+++ b/docs/authorization.rst
@ -48,6 +48,31 @@ conversely you can use ``exclude`` meta attribute.
            exclude = ('published', 'owner')
            interfaces = (relay.Node, )

+
+Another pattern is to have a resolve method act as a gatekeeper, returning None
+or raising an exception if the client isn't allowed to see the data.
+
+.. code:: python
+
+    from graphene import relay
+    from graphene_django.types import DjangoObjectType
+    from .models import Post
+
+    class PostNode(DjangoObjectType):
+        class Meta:
+            model = Post
+            fields = ('title', 'content', 'owner')
+            interfaces = (relay.Node, )
+
+        def resolve_owner(self, info):
+            user = info.context.user
+            if user.is_anonymous:
+                raise PermissionDenied("Please login")
+            if not user.is_staff:
+                return None
+            return self.owner
+
+
 Queryset Filtering On Lists
 ---------------------------