Python 使用graphene和SQLalchemy设置GraphQL权限的热键_Python_Flask_Sqlalchemy_Graphql_Graphene Python

Python 使用graphene和SQLalchemy设置GraphQL权限的热键

python flask sqlalchemy graphql

Python 使用graphene和SQLalchemy设置GraphQL权限的热键,python,flask,sqlalchemy,graphql,graphene-python,Python,Flask,Sqlalchemy,Graphql,Graphene Python,我的graphene模式中有客户、用户、项目和旅行： class Clients(SQLAlchemyObjectType): class Meta: model = ClientModel interfaces = (relay.Node, ) class Users(SQLAlchemyObjectType): class Meta: model = UserModel interfaces = (relay.

我的graphene模式中有客户、用户、项目和旅行：

class Clients(SQLAlchemyObjectType):
    class Meta:
        model = ClientModel
        interfaces = (relay.Node, )

class Users(SQLAlchemyObjectType):
    class Meta:
        model = UserModel
        interfaces = (relay.Node, )

class Projects(SQLAlchemyObjectType):
    class Meta:
        model = ProjectModel
        interfaces = (relay.Node, )

class Trips(SQLAlchemyObjectType):
    class Meta:
        model = TripModel
        interfaces = (relay.Node, )

我想做的是设置权限，以便某人传递与某个特定客户端匹配的访问令牌，并仅显示该特定客户端的用户、项目和行程

如何做到这一点？石墨烯上有什么方法可以做到这一点吗？

我是用flask\u httpauth做的：

from flask_httpauth import HTTPTokenAuth
@auth.verify_token
def verify_token(token):
    for client in ClientModel.query.all():
        if client.access_token == token:
            g.current_user = client
            return True
    return False

然后我只需在我的查询类的每个

resolve\u

函数上放置

login\u required

装饰器，如下所示：

@auth.login_required
    def resolve_clients(self, info):
        current_client = g.current_user
        for client in ClientModel.query.all():
            if client.id == current_client.id:
                return client
        return None