Open
Description
I would like to add a permission system but want to some feedback on the API before I implement.
You would have two options and I'm proposing to add both:
Option 1: Custom queryset method
This option would let you overwrite how a queryset is filtered.
class UserNode(DjangoObjectType):
class Meta:
model = User
interfaces = (relay.Node,)
only_fields = ('email', 'first_name', 'last_name')
@classmethod
def get_queryset (cls, queryset, args, request, info):
return queryset.filter(owner=request.user)Option 2: Permissions List
This option would setup a Meta API to use to define permissions
def auth_required(queryset, args, request, info):
if request.user.is_authenticated():
return queryset
return queryset.none()
class UserNode(DjangoObjectType):
class Meta:
model = User
interfaces = (relay.Node,)
only_fields = ('email', 'first_name', 'last_name')
permissions = [auth_required]If these look like good APIs then I'll implement.