mirror of
https://github.com/graphql-python/graphene-django.git
synced 2024-11-28 20:43:43 +03:00
document auth pattern: return None with resolve method (#1106)
* document auth pattern: return None with resolve method * (doc, auth): also show that one can raise an exception in a resolve method
This commit is contained in:
parent
5dea6ffa41
commit
d9ab8acf26
|
@ -48,6 +48,31 @@ conversely you can use ``exclude`` meta attribute.
|
||||||
exclude = ('published', 'owner')
|
exclude = ('published', 'owner')
|
||||||
interfaces = (relay.Node, )
|
interfaces = (relay.Node, )
|
||||||
|
|
||||||
|
|
||||||
|
Another pattern is to have a resolve method act as a gatekeeper, returning None
|
||||||
|
or raising an exception if the client isn't allowed to see the data.
|
||||||
|
|
||||||
|
.. code:: python
|
||||||
|
|
||||||
|
from graphene import relay
|
||||||
|
from graphene_django.types import DjangoObjectType
|
||||||
|
from .models import Post
|
||||||
|
|
||||||
|
class PostNode(DjangoObjectType):
|
||||||
|
class Meta:
|
||||||
|
model = Post
|
||||||
|
fields = ('title', 'content', 'owner')
|
||||||
|
interfaces = (relay.Node, )
|
||||||
|
|
||||||
|
def resolve_owner(self, info):
|
||||||
|
user = info.context.user
|
||||||
|
if user.is_anonymous:
|
||||||
|
raise PermissionDenied("Please login")
|
||||||
|
if not user.is_staff:
|
||||||
|
return None
|
||||||
|
return self.owner
|
||||||
|
|
||||||
|
|
||||||
Queryset Filtering On Lists
|
Queryset Filtering On Lists
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user