Pagination + HasRetValPerm fails

[vecchp]

Summary

An error occurs when trying to apply permission checks using the HasRetvalPerm extension on a paginated list of items. Specifically, the system throws a TypeError when permissions are enforced on a queryset that has already been sliced for pagination.

Error Details

• Error Message: TypeError: Cannot filter a query once a slice has been taken.
• Context: The error arises when using the HasRetvalPerm extension for permission checks on a paginated queryset.

Example

The issue is encountered with the following setup:

notes: List[NoteType] = strawberry_django.field(
    extensions=[
        HasRetvalPerm(perms=[NotePermissions.VIEW]),
    ],
    pagination=True,
)

Workaround Implemented

A temporary solution involves overriding the get_queryset method in the type definition to enforce permissions before pagination:

@strawberry_django.type(models.Note, pagination=True)
class NoteType:
    ...

    @classmethod
    def get_queryset(cls, queryset: QuerySet[models.Note], info: Info) -> QuerySet[models.Note]:
        user = get_current_user(info)
        return get_objects_for_user(user, NotePermissions.VIEW, klass=queryset)

Root Cause

Django's ORM does not allow further modifications (such as filtering for permissions) on a queryset after it has been sliced for pagination. This Django limitation conflicts with the intended use of the HasRetvalPerm extension in a paginated context.

Conclusion

We likely need to adjust the order in which the HasRetvalPerm extension and pagination are applied to ensure that permission checks on the queryset occur prior to pagination.

System Information

• Operating system: OSX
• Strawberry version (if applicable): 0.30

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.