1.2.2.2. middleware

1.2.2.2.1. Classes

class AuthorizationMiddleware[source]

Bases: object

An authorization provider to ensure that the permissions on the objects that are queried are respected. If no rpc_session key is provided in the context dictionary then no authorization checks can be performed and all objects and operations will be accessible. The rpc_session key’s value must be an instance of AuthenticatedSession.

classmethod info_has_read_prop_access(info, model, field_name=None, instance=None)[source]

Check that the context provided by info has access to read the specified property of the model. This can be used to ensure that sessions which can not read a protected field can also not obtain indirect access such as filtering or sorting by it.

Parameters:
  • info (graphql.execution.base.ResolveInfo) – The resolve information for this execution.
  • model (sqlalchemy.ext.declarative.api.Base) – The SQLAlchemy model to check read-property access on.
  • field_name (str) – The specific field name to check, otherwise info.field_name.
  • instance – An optional instance of model to use for the access check.
Returns:

Whether or not the context is authorized to access the property.

Return type:

bool