ScopedDjangoNode

A wrapper for DjangoObjectType which automatically adds permission handling to the node.

All meta arguments:

Argument	type	Default	Description
model	Model	None	The model. Required.
node_permissions	Iterable	None	The permissions required to access the node. If not supplied, the models “get_base_scopes” method will be used to populate this field.
field_permissions	Dict	None	A dictionary of permissions per field of the model used to check if the calling user has access to the field.
allow_anonymous	Boolean	False	If true, the node can be accessed by an anonymous user.

class User(HasScopedPermissionsMixin, AbstractUser, ScopedModel):
    secret_field = models.TextField()

    def get_base_scopes(self):
        return [create_scope(self, self.id)]  # E.g. "user:1"


class UserNode(ScopedDjangoNode):
    class Meta:
        model = User
        allow_anonymous = False

# Example with more restrictive permissions
class RestrictiveUserNode(DjangoScopedNode):
    class Meta:
        model = User
        node_permissions = ["user"]  # Requires all permissions to all users
        field_permissions = {
            "secret_field": ["user:secret_field"]
        }