search

graphql-python / graphene-django

Build powerful, efficient, and flexible GraphQL APIs with seamless Django integration.
http://docs.graphene-python.org/projects/django/en/latest/
MIT License
4.31k stars 769 forks source link

Restricted fields in objecttypes #1488

Open elyas-hedayat opened 11 months ago

elyas-hedayat commented 11 months ago

Hi

In some case we need to restricted user from accessing some field in Objecttype . way for controlling this action now is sth like this (https://github.com/graphql-python/graphene-django/blob/main/docs/authorization.rst#limiting-field-access) :

from graphene import relay
from graphene_django.types import DjangoObjectType
from .models import Post

class PostNode(DjangoObjectType):
    class Meta:
        model = Post
        fields = ('title', 'content', 'owner')
        interfaces = (relay.Node, )

    def resolve_owner(self, info):
        user = info.context.user
        if user.is_anonymous:
            raise PermissionDenied("Please login")
        if not user.is_staff:
            return None
        return self.owner

i think it can be better than this if we can set for example restricted fields option in objecttypes .

class ExampleNode(DjangoNode):

    class Meta:
        model = Example
        fields = ["example_field"]
        # Option 1
        restricted_fields = {
            "example_field": lambda user: user.is_authenticated,
        }

also it is implemented in : https://github.com/MrThearMan/graphene-django-extensions/blob/main/docs/permissions.md#restricted-fields