Skip to main content

common.graphql.acl.decorators

permission_classes

def permission_classes(*perms: types.PermissionsClasses)

permission_classes is a decorator for graphene's ObjectType and Mutation classes or for resolver functions. It wraps default resolver functions with permission checking function.

Example usage:

@permission_classes(IsAuthenticatedFullAccess)
class Query(graphene.ObjectType):
    all_crud_demo_items = graphene.relay.ConnectionField(CrudDemoItemConnection)
    crud_demo_item_by_id = graphene.Field(CrudDemoItemType, id=graphene.String())

    @permission_classes(AnyoneFullAccess)
    def resolve_crud_demo_item_by_id(self, info, id):
        _, pk = from_global_id(id)
        return models.CrudDemoItem.objects.get(pk=pk)

    def resolve_all_crud_demo_items(self, info, **kwargs):
        return models.CrudDemoItem.objects.all()


@permission_classes(IsAuthenticatedFullAccess)
class Mutation(graphene.ObjectType):
    create_or_update_crud_demo_item = permission_classes(AnyoneFullAccess)(
        CreateOrUpdateCrudDemoItemMutation.Field()
    )
    delete_crud_demo_item = DeleteCrudDemoItemMutation.Field()

Access to resolve_crud_demo_item_by_id will be allowed by anyone but other Fields/Connections declared in Query will be available only for authenticated users.