Add implicit filter #46
Comments
|
Here's an example of how I solved this exact issue. Required extending the default class and utilizing it in my queries: class AuthModifiedFilterableConnectionField(FilterableConnectionField):
@classmethod
def get_query(cls, model, info: 'ResolveInfo', sort=None, **args):
"""Standard get_query with filtering. Adds nulls last to the default filterable connection order-by"""
query = get_query(model, info.context)
# logic for auth that get's auth info from flask:
user_details = _request_ctx_stack.top.current_user
# removed proprietary logic for getting uuid but imagine that's here...
if hasattr(model, 'uuid'):
query = query.filter(model.uuid==uuid)
if sort is not None:
if isinstance(sort, six.string_types):
query = query.order_by(nullslast(sort.value))
else:
query = query.order_by(nullslast(*(col.value for col in sort)))
request_filters = args.get(cls.filter_arg)
if request_filters:
filter_set = cls.get_filter_set(info)
query = filter_set.filter(info, query, request_filters)
return queryFYI in this case I also wanted to add nullslast to all my sorts hence the extra few lines modifying the sort behavior. Finally here's how my class is utilized: class AuthQuery(graphene.ObjectType):
saved_locations = AuthModifiedFilterableConnectionField(SavedLocationsType.connection, filters=SavedLocationsFilter())Where savedlocations type and filter are defined as such: class SavedLocationsType(SQLAlchemyObjectType):
class Meta:
model = SavedLocations #sql alchemy mapping that's imported
interfaces = (graphene.relay.Node,)
class SavedLocationsFilter(FilterSet):
class Meta:
model = SavedLocations #sql alchemy mapping that's imported
fields = {
'uuid': [...],
}I thought it may be helpful to also show how to wrap a decorator in flask in a view function (since I couldn't find this anywhere when I had to implement it) flask_api.add_url_rule('/graphql/authenticated', view_func=requires_auth(GraphQLView.as_view(
'authgql',
schema=graphene.Schema(query=AuthQuery),
graphiql=True
)))Where here I have a decorator called Hope this helps!! |
|
Adding 'implicit' filters sounds like you need your own custom resolver. graphene-sqlalchemy-filters must be used for explicit filters for clients. |
The filtration library seems very close to what's needed for authorization logic. We have an incoming JWT token and would like to do something like adding 'implicit' filters (sometimes with joins) on most objects based on whether the userid (or, for joins, the userid in a related object) is the same as what's in the JWT.
Is there a good way to write filters and then have them triggered even when the graphql query did not include a filter, i.e., to mark certain kinds of filters as 'implicit' and use those for authorization?
I'm new to both the library and graphql. I've looked around a bit here & elsewhere and seen a bit of discussion of auth, but so far I can't figure out whether this is a reasonable direction to head.
The text was updated successfully, but these errors were encountered: