小贝子编程

我如何限制谁有权访问graphene-django graphhiql API浏览器?



Graphene-Django文档注意,如果你不想使用graphhiql API浏览器,你可以在实例化GraphQLView时传递graphiql=False。但是,我希望保持graphhiql API浏览器可用,并且仅仅限制谁可以访问它。怎么才能做到呢?

例如,我怎样才能使它只有"员工";可以访问Admin站点的用户是否有访问graphhiql浏览器的权限?

您可以扩展Graphene-DjangoGraphQLView并覆盖它的can_display_graphiql方法(在这里定义)来添加这种逻辑。

from graphene_django.views import GraphQLView as BaseGraphQLView
class GraphQLView(BaseGraphQLView):
@classmethod
def can_display_graphiql(cls, request, data):
# Only allow staff users to access the GraphiQL interface
if not request.user or not request.user.is_staff:
return False
return super().can_display_graphiql(request, data)

然后在你的urls.py文件中,使用新的GraphQLView代替默认的:

# import the GraphQLView defined above
urlpatterns = [
# ...
path("graphql", GraphQLView.as_view(graphiql=True)),
]

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium