0
This may not be an elegant solution, but it’s one that works for mutations:
In my mutation, I have a custom function that returns true if the user pulled from info.context.user is in a group, or false if they are not:
class RelayCreateConversation(relay.ClientIDMutation):
# Set a variable as the field we want to use
conversation = graphene.Field(ConversationNode)
# Create a custom response as a string if the user doesn't have authentication
custom_response = graphene.String()
# What is passed through in the mutation
class Input:
participant_number = graphene.String()
def mutate_and_get_payload(root, info, **input):
submitted_by = info.context.user
# How I manage authentication
if not group_required(submitted_by, "send_and_receive_texts"):
custom_response = "You do not have the correct permissions to do this action"
return RelayCreateConversation(conversation=custom_response)
# mutation code here
And then I have a helper function which I import which is dead simple:
def group_required(user, *group_names):
if bool(user.groups.filter(name__in=group_names)) | user.is_superuser:
return True
return False
Limitations: I currently haven’t tried to manage queries with this yet, just functions. If someone gets to that before I do, please comment or update my response.
Source:stackexchange.com