Updated permissions #181
All checks were successful
Test before pr merge / test-lint (pull_request) Successful in 10s
All checks were successful
Test before pr merge / test-lint (pull_request) Successful in 10s
This commit is contained in:
@@ -25,7 +25,7 @@ class ApiKeyMutation(Mutation):
|
|||||||
self.int_field(
|
self.int_field(
|
||||||
"create",
|
"create",
|
||||||
self.resolve_create,
|
self.resolve_create,
|
||||||
).with_require_any_permission(Permissions.users_create).with_argument(
|
).with_require_any_permission(Permissions.api_keys_create).with_argument(
|
||||||
"input",
|
"input",
|
||||||
ApiKeyCreateInput,
|
ApiKeyCreateInput,
|
||||||
).with_required()
|
).with_required()
|
||||||
@@ -33,7 +33,7 @@ class ApiKeyMutation(Mutation):
|
|||||||
self.bool_field(
|
self.bool_field(
|
||||||
"update",
|
"update",
|
||||||
self.resolve_update,
|
self.resolve_update,
|
||||||
).with_require_any_permission(Permissions.users_update).with_argument(
|
).with_require_any_permission(Permissions.api_keys_update).with_argument(
|
||||||
"input",
|
"input",
|
||||||
ApiKeyUpdateInput,
|
ApiKeyUpdateInput,
|
||||||
).with_required()
|
).with_required()
|
||||||
@@ -41,7 +41,7 @@ class ApiKeyMutation(Mutation):
|
|||||||
self.bool_field(
|
self.bool_field(
|
||||||
"delete",
|
"delete",
|
||||||
self.resolve_delete,
|
self.resolve_delete,
|
||||||
).with_require_any_permission(Permissions.users_delete).with_argument(
|
).with_require_any_permission(Permissions.api_keys_delete).with_argument(
|
||||||
"id",
|
"id",
|
||||||
int,
|
int,
|
||||||
).with_required()
|
).with_required()
|
||||||
@@ -49,7 +49,7 @@ class ApiKeyMutation(Mutation):
|
|||||||
self.bool_field(
|
self.bool_field(
|
||||||
"restore",
|
"restore",
|
||||||
self.resolve_restore,
|
self.resolve_restore,
|
||||||
).with_require_any_permission(Permissions.users_delete).with_argument(
|
).with_require_any_permission(Permissions.api_keys_delete).with_argument(
|
||||||
"id",
|
"id",
|
||||||
int,
|
int,
|
||||||
).with_required()
|
).with_required()
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
from cpl.auth.permission import Permissions
|
||||||
from cpl.auth.schema import UserDao, ApiKeyDao, RoleDao
|
from cpl.auth.schema import UserDao, ApiKeyDao, RoleDao
|
||||||
from cpl.core.configuration import Configuration
|
from cpl.core.configuration import Configuration
|
||||||
from cpl.dependency import ServiceProvider
|
from cpl.dependency import ServiceProvider
|
||||||
@@ -53,11 +54,17 @@ class GraphQLAuthModule(Module):
|
|||||||
raise Exception("GraphQLAuthModule is not loaded yet. Make sure to run 'add_module(GraphQLAuthModule)'")
|
raise Exception("GraphQLAuthModule is not loaded yet. Make sure to run 'add_module(GraphQLAuthModule)'")
|
||||||
|
|
||||||
schema = provider.get_service(Schema)
|
schema = provider.get_service(Schema)
|
||||||
schema.query.dao_collection_field(UserGraphType, UserDao, "users", UserFilter, UserSort).with_public(public)
|
schema.query.dao_collection_field(
|
||||||
schema.query.dao_collection_field(ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort).with_public(
|
UserGraphType, UserDao, "users", UserFilter, UserSort
|
||||||
public
|
).with_require_any_permission(Permissions.users).with_public(public)
|
||||||
)
|
|
||||||
schema.query.dao_collection_field(RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort).with_public(public)
|
schema.query.dao_collection_field(
|
||||||
|
ApiKeyGraphType, ApiKeyDao, "apiKeys", ApiKeyFilter, ApiKeySort
|
||||||
|
).with_require_any_permission(Permissions.api_keys).with_public(public)
|
||||||
|
|
||||||
|
schema.query.dao_collection_field(
|
||||||
|
RoleGraphType, RoleDao, "roles", RoleFilter, RoleSort
|
||||||
|
).with_require_any_permission(Permissions.roles).with_public(public)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def with_auth_root_mutations(provider: ServiceProvider, public: bool = False):
|
def with_auth_root_mutations(provider: ServiceProvider, public: bool = False):
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ from cpl.graphql.schema.db_model_graph_type import DbModelGraphType
|
|||||||
|
|
||||||
class UserGraphType(DbModelGraphType[User]):
|
class UserGraphType(DbModelGraphType[User]):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self, public: bool = False):
|
||||||
DbModelGraphType.__init__(self)
|
DbModelGraphType.__init__(self)
|
||||||
|
|
||||||
self.string_field(User.keycloak_id, lambda root: root.keycloak_id)
|
self.string_field(User.keycloak_id, lambda root: root.keycloak_id).with_public(public)
|
||||||
self.string_field(User.username, lambda root: root.username)
|
self.string_field(User.username, lambda root: root.username).with_public(public)
|
||||||
self.string_field(User.email, lambda root: root.email)
|
self.string_field(User.email, lambda root: root.email).with_public(public)
|
||||||
|
|||||||
@@ -133,7 +133,9 @@ class Field:
|
|||||||
return self
|
return self
|
||||||
|
|
||||||
def with_public(self, public: bool = True) -> Self:
|
def with_public(self, public: bool = True) -> Self:
|
||||||
assert self._require_any is None, "Field cannot be public and have require_any set"
|
if public:
|
||||||
assert self._require_any_permission is None, "Field cannot be public and have require_any_permission set"
|
self._require_any = None
|
||||||
|
self._require_any_permission = None
|
||||||
|
|
||||||
self._public = public
|
self._public = public
|
||||||
return self
|
return self
|
||||||
|
|||||||
Reference in New Issue
Block a user