ScopedDjangoNode
A wrapper for DjangoObjectType which automatically adds permission handling to the node.
All meta arguments:
Argument |
type |
Default |
Description |
---|---|---|---|
model |
Model |
None |
The model. Required. |
node_permissions |
Iterable |
None |
The permissions required to access the node. If not supplied, the models “get_base_scopes” method will be used to populate this field. |
field_permissions |
Dict |
None |
A dictionary of permissions per field of the model used to check if the calling user has access to the field. |
allow_anonymous |
Boolean |
False |
If true, the node can be accessed by an anonymous user. |
class User(HasScopedPermissionsMixin, AbstractUser, ScopedModel):
secret_field = models.TextField()
def get_base_scopes(self):
return [create_scope(self, self.id)] # E.g. "user:1"
class UserNode(ScopedDjangoNode):
class Meta:
model = User
allow_anonymous = False
# Example with more restrictive permissions
class RestrictiveUserNode(DjangoScopedNode):
class Meta:
model = User
node_permissions = ["user"] # Requires all permissions to all users
field_permissions = {
"secret_field": ["user:secret_field"]
}