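def visit_field_definition(
    self,
    field: GraphQLField,
    object_type: Union[GraphQLObjectType, GraphQLInterfaceType],
) -> GraphQLField:
    """Wrap the field's resolver behind a role/permission check.

    The required roles and permissions come from the directive arguments
    ``roles`` and ``permissions``. The wrapped resolver runs only after
    ``authorization.has_any_of_roles_or_permissions`` returns a truthy value
    for the request's ``user`` and ``auth``.

    Args:
        field: Field definition whose ``resolve`` attribute is replaced.
        object_type: Type that owns the field; not used by this visitor.

    Returns:
        The same ``field`` object, with the guarded resolver installed.
    """
    # Function-scope import so this block does not depend on the module header.
    import inspect

    original_resolver = field.resolve or default_field_resolver

    async def new_resolver(*args: Any, **kwargs: Any) -> Any:
        # If a directive argument is absent, .get() returns None and the
        # comprehension raises TypeError, so the request fails before the
        # wrapped resolver is reached.
        roles = [Role.from_name(r) for r in self.args.get("roles")]
        permissions = [
            Permission.from_name(p) for p in self.args.get("permissions")
        ]

        # args[1] is the resolver's second positional argument; its context
        # carries the request object the identity is read from.
        request = args[1].context["request"]
        user = request.user
        auth = request.auth

        # NOTE(review): **kwargs are the field's own arguments, i.e. values
        # chosen by the API caller, and they are forwarded into the
        # authorization check. Confirm the check uses them only as intended
        # and that none of them can influence the decision on its own.
        if not authorization.has_any_of_roles_or_permissions(
            user=user,
            auth=auth,
            roles=roles,
            permissions=permissions,
            **kwargs,
        ):
            # NOTE(review): the denial is logged without the field or the
            # principal, which makes it hard to use for detection.
            logger.info(msg="Not authorized")
            raise Exception("Not authorized.")

        # The fallback resolver, and any synchronous field resolver, returns
        # a plain value; awaiting that unconditionally raises TypeError.
        result = original_resolver(*args, **kwargs)
        if inspect.isawaitable(result):
            result = await result
        return result

    field.resolve = new_resolver
    return field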
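def visit_field_definition(
    self,
    field: GraphQLField,
    object_type: Union[GraphQLObjectType, GraphQLInterfaceType],
) -> GraphQLField:
    """Wrap the field's resolver behind a resource/action permission check.

    The directive arguments ``resource`` and ``action`` name what the caller
    must be allowed to do. The wrapped resolver runs only after
    ``handlers.verify_user_permission`` succeeds for the ``access_key`` found
    in the request context; the permission it returns is stored in
    ``info.context["permission"]`` for the wrapped resolver to read.

    Args:
        field: Field definition whose ``resolve`` attribute is replaced.
        object_type: Type that owns the field; not used by this visitor.

    Returns:
        The same ``field`` object, with the guarded resolver installed.
    """
    # Function-scope import so this block does not depend on the module header.
    import inspect

    resource: str = self.args.get("resource")
    action: str = self.args.get("action")
    original_resolve = field.resolve or default_field_resolver

    async def resolve_permission(obj, info, **kwargs):
        # A context without "access_key" raises KeyError here, so the request
        # fails before the wrapped resolver is reached.
        access_key = info.context["access_key"]
        try:
            # `uow` is not defined in this block; it is resolved from an
            # enclosing scope.
            permission = handlers.verify_user_permission(
                access_key=access_key,
                action=action,
                resource=resource,
                uow=uow,
            )
        except (handlers.NotAllowed, handlers.UnknownUser) as ex:
            # Raise instead of returning the error object: a denial then
            # cannot be handed on as ordinary field data by a wrapper that
            # sits between this resolver and the executor.
            # NOTE(review): ex.message goes back to the client. If the two
            # exception types carry different messages, the response tells an
            # unknown access key apart from a known one without permission.
            raise GraphQLError(ex.message) from ex

        info.context["permission"] = permission

        # The fallback resolver, and any synchronous field resolver, returns
        # a plain value; awaiting that unconditionally raises TypeError.
        result = original_resolve(obj, info, **kwargs)
        if inspect.isawaitable(result):
            result = await result
        return result

    field.resolve = resolve_permission
    return field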