search

olragon / graphql_api

GraphQL for Drupal 7
GNU General Public License v2.0
13 stars 3 forks source link

Empty results when using graphiql as non-admin. #17

Open d0t15t opened 6 years ago

d0t15t commented 6 years ago

I've created a role 'api' and assigned it to 'Use GraphQL query' in Drupal-Permissions. The user can then reach the /graphql/graphiql page, but queries return only empty results. When logged in as an admin, the same query returns all nodes as expected.

graphiql___drupal_7_base 2 graphiql___drupal_7_base

olragon commented 6 years ago

User need permission to read node_article

d0t15t commented 6 years ago

Sorry i forgot to mention, the user has the permission: "View published content" (There are no node level view permissions in core drupal). The user can view all the same nodes as the admin, yet gets empty results in Graphiql. When i assign the test role the permission "Administer content", then it receives the expected results in Graphiql.

olragon commented 6 years ago

You can try to run entity_access('view', 'node', $node). All thing related to permissions is checked through entity_access($op, $entity_type, $entity).

https://github.com/olragon/graphql_api/blob/master/src/Schema.php#L336:24