Updated permissions #181

2025-10-08 17:27:11 +02:00
parent cdb5e4ff89
commit 3774cef56a
4 changed files with 24 additions and 15 deletions
--- a/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py
+++ b/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py
@@ -25,7 +25,7 @@ class ApiKeyMutation(Mutation):
        self.int_field(
            "create",
            self.resolve_create,
-        ).with_require_any_permission(Permissions.users_create).with_argument(
+        ).with_require_any_permission(Permissions.api_keys_create).with_argument(
            "input",
            ApiKeyCreateInput,
        ).with_required()
@@ -33,7 +33,7 @@ class ApiKeyMutation(Mutation):
        self.bool_field(
            "update",
            self.resolve_update,
-        ).with_require_any_permission(Permissions.users_update).with_argument(
+        ).with_require_any_permission(Permissions.api_keys_update).with_argument(
            "input",
            ApiKeyUpdateInput,
        ).with_required()
@@ -41,7 +41,7 @@ class ApiKeyMutation(Mutation):
        self.bool_field(
            "delete",
            self.resolve_delete,
-        ).with_require_any_permission(Permissions.users_delete).with_argument(
+        ).with_require_any_permission(Permissions.api_keys_delete).with_argument(
            "id",
            int,
        ).with_required()
@@ -49,7 +49,7 @@ class ApiKeyMutation(Mutation):
        self.bool_field(
            "restore",
            self.resolve_restore,
-        ).with_require_any_permission(Permissions.users_delete).with_argument(
+        ).with_require_any_permission(Permissions.api_keys_delete).with_argument(
            "id",
            int,
        ).with_required()
--- a/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py
+++ b/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py
@@ -1,3 +1,4 @@
+from cpl.auth.permission import Permissions
 from cpl.auth.schema import UserDao, ApiKeyDao, RoleDao
 from cpl.core.configuration import Configuration
 from cpl.dependency import ServiceProvider
@@ -53,11 +54,17 @@ class GraphQLAuthModule(Module):
            raise Exception("GraphQLAuthModule is not loaded yet. Make sure to run 'add_module(GraphQLAuthModule)'")

        schema = provider.get_service(Schema)
-        schema.query.dao_collection_field(UserGraphType, UserDao, "users", UserFilter, UserSort).with_public(public)
-        schema.query.dao_collection_field(ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort).with_public(
-            public
-        )
-        schema.query.dao_collection_field(RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort).with_public(public)
+        schema.query.dao_collection_field(
+            UserGraphType, UserDao, "users", UserFilter, UserSort
+        ).with_require_any_permission(Permissions.users).with_public(public)
+
+        schema.query.dao_collection_field(
+            ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort
+        ).with_require_any_permission(Permissions.api_keys).with_public(public)
+
+        schema.query.dao_collection_field(
+            RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort
+        ).with_require_any_permission(Permissions.roles).with_public(public)

    @staticmethod
    def with_auth_root_mutations(provider: ServiceProvider, public: bool = False):
--- a/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py
+++ b/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py
@@ -4,9 +4,9 @@ from cpl.graphql.schema.db_model_graph_type import DbModelGraphType

 class UserGraphType(DbModelGraphType[User]):

-    def __init__(self):
+    def __init__(self, public: bool = False):
        DbModelGraphType.__init__(self)

-        self.string_field(User.keycloak_id, lambda root: root.keycloak_id)
-        self.string_field(User.username, lambda root: root.username)
-        self.string_field(User.email, lambda root: root.email)
+        self.string_field(User.keycloak_id, lambda root: root.keycloak_id).with_public(public)
+        self.string_field(User.username, lambda root: root.username).with_public(public)
+        self.string_field(User.email, lambda root: root.email).with_public(public)
--- a/src/cpl-graphql/cpl/graphql/schema/field.py
+++ b/src/cpl-graphql/cpl/graphql/schema/field.py
@@ -133,7 +133,9 @@ class Field:
        return self

    def with_public(self, public: bool = True) -> Self:
-        assert self._require_any is None, "Field cannot be public and have require_any set"
-        assert self._require_any_permission is None, "Field cannot be public and have require_any_permission set"
+        if public:
+            self._require_any = None
+            self._require_any_permission = None
+
        self._public = public
        return self