def visit_field_definition(
self,
field: GraphQLField,
object_type: Union[GraphQLObjectType, GraphQLInterfaceType],
) -> GraphQLField:
"""Check authorization and execute query."""
original_resolver = field.resolve or default_field_resolver
async def new_resolver(*args: Any, **kwargs: Any) -> Any:
roles = [Role.from_name(r) for r in self.args.get("roles")]
permissions = [
Permission.from_name(p) for p in self.args.get("permissions")
]
user = args[1].context["request"].user
auth = args[1].context["request"].auth
if not authorization.has_any_of_roles_or_permissions(
user=user,
auth=auth,
roles=roles,
permissions=permissions,
**kwargs):
logger.info(msg="Not authorized")
raise Exception("Not authorized.")
return await original_resolver(*args, **kwargs)
field.resolve = new_resolver
return field
def visit_field_definition(
self,
field: GraphQLField,
object_type: Union[GraphQLObjectType, GraphQLInterfaceType],
) -> GraphQLField:
resource: str = self.args.get("resource")
action: str = self.args.get("action")
original_resolve = field.resolve or default_field_resolver
async def resolve_permission(obj, info, **kwargs):
access_key = info.context["access_key"]
try:
permission = handlers.verify_user_permission(
access_key=access_key,
action=action,
resource=resource,
uow=uow,
)
except (handlers.NotAllowed, handlers.UnknownUser) as ex:
return GraphQLError(ex.message)
info.context["permission"] = permission
return await original_resolve(obj, info, **kwargs)
field.resolve = resolve_permission
return field
