PedroBern / django-graphql-auth

Django registration and authentication with GraphQL.
https://django-graphql-auth.readthedocs.io/en/latest/
MIT License

How to give query permission #131

Open MedNabilEssefaihi opened 2 years ago

MedNabilEssefaihi commented 2 years ago

Hi community,

I want to know how I can add permission to the QUERY class, to give the user the possibility to get only his data and no more?

```python
import graphene
from graphql_auth import mutations
from graphql_auth.schema import UserQuery, MeQuery

class Query(UserQuery, MeQuery, graphene.ObjectType):
    pass
```

I want to block this query, for example, for normal users:

```graphql
query {
  users {
    edges {
      node {
        username,
        archived,
        verified,
        email,
        secondaryEmail,
      }
    }
  }
}
```

⚠️ They don't have to see other users' data

portedison commented 2 years ago

Use MeQuery - I have removed UserQuery, quite dangerous to leave it in there. If you want to add a user-specific mutation/query, you can use verification_required. There are no docs on it, but it extends this: https://django-graphql-jwt.domake.io/decorators.html#login-required
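
The access rule asked for in this thread, sketched as an added example that is not code from the issue or from django-graphql-auth: a resolver guard plus per-user scoping of a `users` list and a single-user lookup. The `require_verified` decorator, the `make_info` stand-in for graphene's `info`, the staff exemption and the sample rows are all assumptions made so the block runs without Django.

```python
from functools import wraps
from types import SimpleNamespace

# Constructed sample data standing in for the user table.
USERS = [
    {"id": 1, "username": "alice", "email": "alice@example.com"},
    {"id": 2, "username": "bob", "email": "bob@example.com"},
]

def make_info(user_id=None, verified=False, is_staff=False):
    """Build a stand-in for the resolver `info` object (info.context.user)."""
    user = SimpleNamespace(id=user_id, is_authenticated=user_id is not None,
                           verified=verified, is_staff=is_staff)
    return SimpleNamespace(context=SimpleNamespace(user=user))

def require_verified(resolver):
    """Hypothetical guard: reject anonymous or unverified callers."""
    @wraps(resolver)
    def wrapper(root, info, **kwargs):
        user = info.context.user
        if not user.is_authenticated:
            raise PermissionError("authentication required")
        if not user.verified:
            raise PermissionError("verified account required")
        return resolver(root, info, **kwargs)
    return wrapper

@require_verified
def resolve_users(root, info):
    """List query: staff see every row, everyone else only their own."""
    user = info.context.user
    if user.is_staff:
        return list(USERS)
    return [u for u in USERS if u["id"] == user.id]

@require_verified
def resolve_user(root, info, id):
    """Single-object query: compare the requested id with the caller's id."""
    user = info.context.user
    if not user.is_staff and id != user.id:
        raise PermissionError("not allowed to read another user's record")
    return next((u for u in USERS if u["id"] == id), None)
```

The list resolver filters rather than refuses, so a normal user running the `users` query from the question gets back exactly one node: their own.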