From 3774cef56a4468546bf1f0f11a854a80fdbc975e Mon Sep 17 00:00:00 2001 From: edraft Date: Wed, 8 Oct 2025 17:27:11 +0200 Subject: [PATCH] Updated permissions #181 --- .../graphql/auth/api_key/api_key_mutation.py | 8 ++++---- .../cpl/graphql/auth/graphql_auth_module.py | 17 ++++++++++++----- .../cpl/graphql/auth/user/user_graph_type.py | 8 ++++---- src/cpl-graphql/cpl/graphql/schema/field.py | 6 ++++-- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py b/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py index 67444e3b..dd3a4665 100644 --- a/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py +++ b/src/cpl-graphql/cpl/graphql/auth/api_key/api_key_mutation.py @@ -25,7 +25,7 @@ class ApiKeyMutation(Mutation): self.int_field( "create", self.resolve_create, - ).with_require_any_permission(Permissions.users_create).with_argument( + ).with_require_any_permission(Permissions.api_keys_create).with_argument( "input", ApiKeyCreateInput, ).with_required() @@ -33,7 +33,7 @@ class ApiKeyMutation(Mutation): self.bool_field( "update", self.resolve_update, - ).with_require_any_permission(Permissions.users_update).with_argument( + ).with_require_any_permission(Permissions.api_keys_update).with_argument( "input", ApiKeyUpdateInput, ).with_required() @@ -41,7 +41,7 @@ class ApiKeyMutation(Mutation): self.bool_field( "delete", self.resolve_delete, - ).with_require_any_permission(Permissions.users_delete).with_argument( + ).with_require_any_permission(Permissions.api_keys_delete).with_argument( "id", int, ).with_required() @@ -49,7 +49,7 @@ class ApiKeyMutation(Mutation): self.bool_field( "restore", self.resolve_restore, - ).with_require_any_permission(Permissions.users_delete).with_argument( + ).with_require_any_permission(Permissions.api_keys_delete).with_argument( "id", int, ).with_required() 
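Review bot: In the fourth hunk of `api_key_mutation.py` the `restore` field is gated on `Permissions.api_keys_delete`, so any principal allowed to delete an API key can also bring a deleted key back into use. If restoring reactivates a credential that was removed on purpose, that is a different privilege from deleting one. Either a dedicated permission or a comment above the field such as `# restore deliberately shares the delete permission` would make the choice visible to the next reader. Whether `Permissions` offers a separate restore member cannot be seen in this patch, and the method that registers these fields starts and ends outside the hunks.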
diff --git a/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py b/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py index 9b41cc8e..7ce2a0b4 100644 --- a/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py +++ b/src/cpl-graphql/cpl/graphql/auth/graphql_auth_module.py @@ -1,3 +1,4 @@ +from cpl.auth.permission import Permissions from cpl.auth.schema import UserDao, ApiKeyDao, RoleDao from cpl.core.configuration import Configuration from cpl.dependency import ServiceProvider @@ -53,11 +54,17 @@ class GraphQLAuthModule(Module): raise Exception("GraphQLAuthModule is not loaded yet. Make sure to run 'add_module(GraphQLAuthModule)'") schema = provider.get_service(Schema) - schema.query.dao_collection_field(UserGraphType, UserDao, "users", UserFilter, UserSort).with_public(public) - schema.query.dao_collection_field(ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort).with_public( - public - ) - schema.query.dao_collection_field(RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort).with_public(public) + schema.query.dao_collection_field( + UserGraphType, UserDao, "users", UserFilter, UserSort + ).with_require_any_permission(Permissions.users).with_public(public) + + schema.query.dao_collection_field( + ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort + ).with_require_any_permission(Permissions.api_keys).with_public(public) + + schema.query.dao_collection_field( + RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort + ).with_require_any_permission(Permissions.roles).with_public(public) @staticmethod def with_auth_root_mutations(provider: ServiceProvider, public: bool = False): diff --git a/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py b/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py index 73a44c37..f0ffa1ab 100644 --- a/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py +++ b/src/cpl-graphql/cpl/graphql/auth/user/user_graph_type.py 
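Review bot: In the second hunk of `graphql_auth_module.py` each collection is built as `.with_require_any_permission(...).with_public(public)`, and with the `Field.with_public` change in this same patch a true `public` discards the permission that was set one call earlier. The outcome therefore depends on call order, and a single flag opens `users`, `apiKeys` and `roles` together. Selecting one branch states the intent without relying on that override, e.g. `field.with_public() if public else field.with_require_any_permission(Permissions.api_keys)`. The enclosing static method should also get a docstring saying that `public=True` makes the API-key and role listings readable with no permission check; its signature lies above the hunk.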
@@ -4,9 +4,9 @@ from cpl.graphql.schema.db_model_graph_type import DbModelGraphType class UserGraphType(DbModelGraphType[User]): - def __init__(self): + def __init__(self, public: bool = False): DbModelGraphType.__init__(self) - self.string_field(User.keycloak_id, lambda root: root.keycloak_id) - self.string_field(User.username, lambda root: root.username) - self.string_field(User.email, lambda root: root.email) + self.string_field(User.keycloak_id, lambda root: root.keycloak_id).with_public(public) + self.string_field(User.username, lambda root: root.username).with_public(public) + self.string_field(User.email, lambda root: root.email).with_public(public) diff --git a/src/cpl-graphql/cpl/graphql/schema/field.py b/src/cpl-graphql/cpl/graphql/schema/field.py index cea91c93..7866fafa 100644 --- a/src/cpl-graphql/cpl/graphql/schema/field.py +++ b/src/cpl-graphql/cpl/graphql/schema/field.py @@ -133,7 +133,9 @@ class Field: return self def with_public(self, public: bool = True) -> Self: - assert self._require_any is None, "Field cannot be public and have require_any set" - assert self._require_any_permission is None, "Field cannot be public and have require_any_permission set" + if public: + self._require_any = None + self._require_any_permission = None + self._public = public return self
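Review bot: The new `public` parameter on `UserGraphType.__init__` makes `keycloak_id`, `username` and `email` readable without a permission check when it is true, and nothing in the hunk documents that. A docstring on `__init__` should state that `public=True` exposes the identity-provider id and e-mail address of every returned user, so callers opt in knowingly; if only `username` has to be public, apply `.with_public(public)` to that field alone. How the flag reaches the constructor is not visible here: `graphql_auth_module.py` hands the class `UserGraphType` to `dao_collection_field` rather than an instance, so the argument may always stay at its default `False`.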
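Review bot: In `field.py`, `with_public(True)` now silently drops `_require_any` and `_require_any_permission` where the removed asserts rejected the combination, so a later `.with_public()` on a protected field removes its authorization without any signal. The method should carry a docstring saying that `public=True` clears both requirements and that `public=False` leaves them untouched. The opposite order is not covered by this hunk: if `with_require_any_permission` does not itself set `self._public = False`, a field can end up both public and permission-gated, and which of the two wins is decided elsewhere. Making the setters symmetric would remove that ambiguity; the rest of the `Field` class is outside the hunk.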