问题
I am doing the graphene tutorial on filtering with relay from: http://docs.graphene-python.org/projects/django/en/latest/filtering/ where the user is restricted to query objects that they previously created. I am using graphene 2, django 2, and django-filter 1.11.
class AnimalFilter(django_filters.FilterSet):
# Do case-insensitive lookups on 'name'
name = django_filters.CharFilter(lookup_expr=['iexact']) #changed this to work
class Meta:
model = Animal
fields = ['name', 'genus', 'is_domesticated']
@property
def qs(self):
# The query context can be found in self.request.
return super(AnimalFilter, self).qs.filter(owner=self.request.user)
I am having an inserting the self.request.user part, where the user data is loaded. When I do a query like:
query {
allAnimalss {
edges {
node {
id,
name
}
}
}
}
I get an error in the query field:
{
"errors": [
{
"message": "'NoneType' object has no attribute 'user'",
"locations": [
{
"line": 2,
"column": 3
}
]
}
],
"data": {
"allAnimals": null
}
}
If I remove the filter it works fine. The tutorial mentioned "owned by the authenticated user (set in context.user)." what does this mean?
I tried adding a get_context_data function to the views.py
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['user'] = self.request.user
return context
and also changing self.request.user to self.context.user but it does not work
回答1:
You can access the request and thereby the user via info.context in the resolver method. The docs are not great explaining this, but here you can see an example
def resolve_something(self, info, something_id):
# Here info.context is the django request object
something = Something.objects.get(something_id)
if info.context.user.id == something.user_id:
# The user owns this object!
return something
# Return None or raise an exception here maybe since it's not the owner
return None
来源:https://stackoverflow.com/questions/50916106/django-graphene-relay-restricting-queries-to-objects-owned-the-user