可以通过石墨烯和SQLalchemy为GraphQL设置权限
[英]Hot to set up permissions for GraphQL with graphene and SQLalchemy
问题描述
I have Clients, Users, Projects and Trips on my graphene schema: 
我的石墨烯架构上有客户,用户,项目和行程:
class Clients(SQLAlchemyObjectType):
class Meta:
model = ClientModel
interfaces = (relay.Node, )
class Users(SQLAlchemyObjectType):
class Meta:
model = UserModel
interfaces = (relay.Node, )
class Projects(SQLAlchemyObjectType):
class Meta:
model = ProjectModel
interfaces = (relay.Node, )
class Trips(SQLAlchemyObjectType):
class Meta:
model = TripModel
interfaces = (relay.Node, )
What I want to do is to setup permissions so someone pass an access token that matches one specific Client, and shows only the users, projects and trips of that specific Client. 我要做的是设置权限,以便某人传递与一个特定客户端匹配的访问令牌,并仅显示该特定客户端的用户,项目和行程。
How to do this? 这个怎么做? Is there a method on graphene to do this? 石墨烯上有一种方法可以做到这一点吗?
1 个解决方案
解决方案1
0 2018-01-18 23:53:04
I did it with flask_httpauth : 我用flask_httpauth :
from flask_httpauth import HTTPTokenAuth
@auth.verify_token
def verify_token(token):
for client in ClientModel.query.all():
if client.access_token == token:
g.current_user = client
return True
return False
Then I just put the login_required decorator on every resolve_ function on my Query class, like this: 然后,将login_required装饰器放在Query类的每个resolve_函数上,如下所示:
@auth.login_required
def resolve_clients(self, info):
current_client = g.current_user
for client in ClientModel.query.all():
if client.id == current_client.id:
return client
return None
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.