Skip to content

Restricted fields in objecttypes #1488

Open
@elyas-hedayat

Description

@elyas-hedayat

Hi

In some case we need to restricted user from accessing some field in Objecttype .
way for controlling this action now is sth like this (https://github.com/graphql-python/graphene-django/blob/main/docs/authorization.rst#limiting-field-access) :

from graphene import relay
from graphene_django.types import DjangoObjectType
from .models import Post

class PostNode(DjangoObjectType):
    class Meta:
        model = Post
        fields = ('title', 'content', 'owner')
        interfaces = (relay.Node, )

    def resolve_owner(self, info):
        user = info.context.user
        if user.is_anonymous:
            raise PermissionDenied("Please login")
        if not user.is_staff:
            return None
        return self.owner

i think it can be better than this if we can set for example restricted fields option in objecttypes .

class ExampleNode(DjangoNode):

    class Meta:
        model = Example
        fields = ["example_field"]
        # Option 1
        restricted_fields = {
            "example_field": lambda user: user.is_authenticated,
        }

also it is implemented in : https://github.com/MrThearMan/graphene-django-extensions/blob/main/docs/permissions.md#restricted-fields

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions