2

我的石墨烯架构上有客户、用户、项目和旅行:

class Clients(SQLAlchemyObjectType):
    class Meta:
        model = ClientModel
        interfaces = (relay.Node, )

class Users(SQLAlchemyObjectType):
    class Meta:
        model = UserModel
        interfaces = (relay.Node, )

class Projects(SQLAlchemyObjectType):
    class Meta:
        model = ProjectModel
        interfaces = (relay.Node, )

class Trips(SQLAlchemyObjectType):
    class Meta:
        model = TripModel
        interfaces = (relay.Node, )

我想要做的是设置权限,以便有人传递与一个特定客户匹配的访问令牌,并仅显示该特定客户的用户、项目和旅行。

这个怎么做?石墨烯有没有办法做到这一点?

4

1 回答 1

1

我做到了flask_httpauth

from flask_httpauth import HTTPTokenAuth
@auth.verify_token
def verify_token(token):
    for client in ClientModel.query.all():
        if client.access_token == token:
            g.current_user = client
            return True
    return False

然后我只是将login_required装饰器resolve_放在我的 Query 类的每个函数上,如下所示:

@auth.login_required
    def resolve_clients(self, info):
        current_client = g.current_user
        for client in ClientModel.query.all():
            if client.id == current_client.id:
                return client
        return None
于 2018-01-18T23:53:04.457 回答