1.2.2.2. middleware
¶
1.2.2.2.1. Classes¶
-
class
AuthorizationMiddleware
[source]¶ Bases:
object
An authorization provider to ensure that the permissions on the objects that are queried are respected. If no rpc_session key is provided in the context dictionary then no authorization checks can be performed and all objects and operations will be accessible. The rpc_session key’s value must be an instance of
AuthenticatedSession
.-
classmethod
info_has_read_prop_access
(info, model, field_name=None, instance=None)[source]¶ Check that the context provided by info has access to read the specified property of the model. This can be used to ensure that sessions which can not read a protected field can also not obtain indirect access such as filtering or sorting by it.
Parameters: - info (
graphql.execution.base.ResolveInfo
) – The resolve information for this execution. - model (
sqlalchemy.ext.declarative.api.Base
) – The SQLAlchemy model to check read-property access on. - field_name (str) – The specific field name to check, otherwise
info.field_name
. - instance – An optional instance of model to use for the access check.
Returns: Whether or not the context is authorized to access the property.
Return type: - info (
-
classmethod