1.2.2.2. middleware¶
1.2.2.2.1. Classes¶
-
class
AuthorizationMiddleware[source]¶ Bases:
objectAn authorization provider to ensure that the permissions on the objects that are queried are respected. If no rpc_session key is provided in the context dictionary then no authorization checks can be performed and all objects and operations will be accessible. The rpc_session key’s value must be an instance of
AuthenticatedSession.-
classmethod
info_has_read_prop_access(info, model, field_name=None, instance=None)[source]¶ Check that the context provided by info has access to read the specified property of the model. This can be used to ensure that sessions which can not read a protected field can also not obtain indirect access such as filtering or sorting by it.
Parameters: - info (
graphql.execution.base.ResolveInfo) – The resolve information for this execution. - model (
sqlalchemy.ext.declarative.api.Base) – The SQLAlchemy model to check read-property access on. - field_name (str) – The specific field name to check, otherwise
info.field_name. - instance – An optional instance of model to use for the access check.
Returns: Whether or not the context is authorized to access the property.
Return type: - info (
-
classmethod