graphql-python/graphene-django
1
1
Fork 0
mirror of https://github.com/graphql-python/graphene-django.git synced 2025-04-25 11:23:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'permissions-to-fields#3' into permission-to-type#5

Browse Source 
# Conflicts:
#	graphene_django/fields.py
This commit is contained in:
Olivia Rodriguez Valdes 2019-03-01 12:48:37 -05:00
commit e7a4538a3e
3 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
graphene_django/fields.py
View File

@ -154,16 +154,18 @@ class DjangoConnectionField(ConnectionField):
)
class DjangoField(Field):
class PermissionField(Field):
"""Class to manage permission for fields"""
def __init__(self, type, permissions, permissions_resolver=auth_resolver, *args, **kwargs):
def __init__(self, type, permissions=(), permissions_resolver=auth_resolver, *args, **kwargs):
"""Get permissions to access a field"""
super(DjangoField, self).__init__(type, *args, **kwargs)
super(PermissionField, self).__init__(type, *args, **kwargs)
self.permissions = permissions
self.permissions_resolver = permissions_resolver
def get_resolver(self, parent_resolver):
"""Intercept resolver to analyse permissions"""
return partial(get_unbound_function(self.permissions_resolver), self.resolver or parent_resolver,
self.permissions, None, None, True)
parent_resolver = super(PermissionField, self).get_resolver(parent_resolver)
if self.permissions:
return partial(get_unbound_function(self.permissions_resolver), parent_resolver, self.permissions, None, None, True)
return parent_resolver

8
graphene_django/tests/test_fields.py
View File

@ -1,6 +1,6 @@
from unittest import TestCase
from django.core.exceptions import PermissionDenied
from graphene_django.fields import DjangoField
from graphene_django.fields import PermissionField
class MyInstance(object):
@ -10,11 +10,11 @@ class MyInstance(object):
return "resolver method"
class DjangoPermissionFieldTests(TestCase):
class PermissionFieldTests(TestCase):
def test_permission_field(self):
MyType = object()
field = DjangoField(MyType, permissions=['perm1', 'perm2'], source='resolver')
field = PermissionField(MyType, permissions=['perm1', 'perm2'], source='resolver')
resolver = field.get_resolver(None)
class Viewer(object):
@ -30,7 +30,7 @@ class DjangoPermissionFieldTests(TestCase):
def test_permission_field_without_permission(self):
MyType = object()
field = DjangoField(MyType, permissions=['perm1', 'perm2'], source='resolver')
field = PermissionField(MyType, permissions=['perm1', 'perm2'], source='resolver')
resolver = field.get_resolver(field.resolver)
class Viewer(object):

3
graphene_django/utils.py
View File

@ -125,7 +125,10 @@ def auth_resolver(parent_resolver, permissions, attname, default_value, raise_ex
:return: Resolved field. None if the viewer does not have permission to access the field.
"""
# Get viewer from context
if not hasattr(info.context, 'user'):
raise PermissionDenied()
user = info.context.user
if has_permissions(user, permissions):
if parent_resolver:
# A resolver is provided in the class