Table of Contents
Les permissions sont gérées dans les mutations et les requêtes GraphQL grâce aux décorateurs provenant de graphql_jwt (https://django-graphql-jwt.domake.io/en/stable/).
Décorateurs pertinents :
-
permission_required -
login_required -
etc …
Example 1. Permissions sur une mutation GraphQL
import graphene
from django.conf import settings
from graphql_jwt.decorators import permission_required
# ...
class PaymentCapture(BaseMutation):
payment = graphene.Field(Payment, description='Updated payment')
class Arguments:
payment_id = graphene.ID(required=True, description='Payment ID')
amount = Decimal(description='Transaction amount')
class Meta:
description = 'Captures the authorized payment amount'
@classmethod
@permission_required('order.manage_orders')
def mutate(cls, root, info, payment_id, amount=None):
errors = []
payment = cls.get_node_or_error(
info, payment_id, errors, 'payment_id', only_type=Payment)
if not payment:
return PaymentCapture(errors=errors)
try:
gateway_capture(payment, amount)
except PaymentError as exc:
msg = str(exc)
cls.add_error(field=None, message=msg, errors=errors)
return PaymentCapture(payment=payment, errors=errors)L’argument order.manage_orders est une permission définie dans salor/core/permissions.py de la manière suivante :
from django.contrib.auth.models import Permission
MODELS_PERMISSIONS = [
'account.manage_users',
'account.manage_staff',
'account.impersonate_users',
'discount.manage_discounts',
'menu.manage_menus',
'order.manage_orders',
'page.manage_pages',
'product.manage_products',
'shipping.manage_shipping',
'site.manage_settings']
def split_permission_codename(permissions):
return [permission.split('.')[1] for permission in permissions]
def get_permissions(permissions=None):
if permissions is None:
permissions = MODELS_PERMISSIONS
codenames = split_permission_codename(permissions)
return Permission.objects.filter(codename__in=codenames).prefetch_related(
'content_type').order_by('codename')