问题描述
例如: 如果用户是该组的成员,则响应将包含包括该组成员在内的所有组信息,否则响应将仅包含组内成员的计数。 我正在使用 graphene-django 并且需要从查询模式返回此数据。
class GroupMutation(graphene.Mutation):
group = graphene.Field(GroupType)
class Arguments:
id = graphene.ID(required=False)
created_by = graphene.ID(required=False)
admins = graphene.ID(required=False)
moderators = graphene.ID(required=False)
users = graphene.List(graphene.ID)
name = graphene.String(required = True)
public = graphene.Boolean(required=False)
location = graphene.String(required=False)
reported = graphene.Boolean(required=False)
reported_by = graphene.List(graphene.ID)
profile_picture = Upload(required=False)
background_picture = Upload(required=False)
解决方法
您的 GraphQL/Graphene schema 将需要包含这两个字段,因为架构不能根据用户有条件地更改,但您可以有条件地选择填充这些字段响应基于用户应该访问的内容。
例如:
import graphene
class GroupNode(graphene.ObjectType):
# Assume MemberNode is defined elsewhere
members = graphene.List(MemberNode)
members_count = graphene.Int()
def resolve_members(parent,info):
if info.context.user.username == 'allowed_user':
return Members.objects.all() # whatever logic you need
# Return nothing if the user is not allowed
return None
def resolve_members_count(parent,info):
if info.context.user.username == 'allowed_user':
# We don't need to return this,since the user can access `members` directly
return None
return Members.objects.count()
请注意,这两个字段都需要可以为空(即您不能传递 required=True
),以便您可以选择在 resolve_
方法中省略它们。 (或者,您可以选择使用 members
和 required=True
而不是 return []
使 return None
非空,如果这样更方便。)
还有一些其他类型的 authorization examples Graphene-Django docs,以防万一。