我想用django-graphene做一个API,但我希望在用户发出请求时应用django默认组权限,如果他的用户组允许他进行CRUD,则会有权限。
感谢。
答案 0 :(得分:0)
这可能不是一个很好的解决方案,但它适用于突变:
在我的变异中,我有一个自定义函数,如果从info.context.user中拉出的用户在组中,则返回true;否则,返回false:
class RelayCreateConversation(relay.ClientIDMutation):
# Set a variable as the field we want to use
conversation = graphene.Field(ConversationNode)
# Create a custom response as a string if the user doesn't have authentication
custom_response = graphene.String()
# What is passed through in the mutation
class Input:
participant_number = graphene.String()
def mutate_and_get_payload(root, info, **input):
submitted_by = info.context.user
# How I manage authentication
if not group_required(submitted_by, "send_and_receive_texts"):
custom_response = "You do not have the correct permissions to do this action"
return RelayCreateConversation(conversation=custom_response)
# mutation code here
然后我导入了一个非常简单的帮助函数:
def group_required(user, *group_names):
if bool(user.groups.filter(name__in=group_names)) | user.is_superuser:
return True
return False
局限性:我目前尚未尝试使用此功能来管理查询。如果有人先于我了,请发表评论或更新我的回复。