feat: add option to hide mutation fields (#547)

basedosdados · Jan 16, 2024 · 1b4f0e5 · 1b4f0e5
1 parent a4bbdd6
commit 1b4f0e5
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 19 deletions.
diff --git a/bd_api/apps/account/models.py b/bd_api/apps/account/models.py
@@ -298,9 +298,15 @@ class Account(BaseModel, AbstractBaseUser, PermissionsMixin):
 
     objects = AccountManager()
 
-    graphql_mutation_decorator = ownership_required
+    graphql_fields_blacklist = [
+        "is_admin",
+        "is_superuser",
+        "staff_groups",
+        *BaseModel.graphql_fields_blacklist,
+    ]
     graphql_filter_fields_blacklist = ["internal_subscription"]
     graphql_nested_filter_fields_whitelist = ["email", "username"]
+    graphql_mutation_decorator = ownership_required
 
     USERNAME_FIELD = "email"
     REQUIRED_FIELDS = ["username", "first_name", "last_name"]

diff --git a/bd_api/custom/graphql_auto.py b/bd_api/custom/graphql_auto.py
@@ -81,17 +81,11 @@ def generate_form_fields(model: BaseModel):
         models.ImageField,
         models.UUIDField,
     )
-    blacklist_field_names = (
-        "_field_status",
-        "id",
-        "created_at",
-        "updated_at",
-        "order",
-    )
     fields = []
     for field in model._meta.get_fields():
-        if isinstance(field, whitelist_field_types) and field.name not in blacklist_field_names:
-            fields.append(field.name)
+        if isinstance(field, whitelist_field_types):
+            if field.name not in model.graphql_fields_blacklist:
+                fields.append(field.name)
     return fields
 
 

diff --git a/bd_api/custom/graphql_jwt.py b/bd_api/custom/graphql_jwt.py
@@ -48,11 +48,6 @@ def get_uid(context, exp=r"id:\s[\"]?(\d+)[\"]?"):
         except Exception:
             query = str(context._post).replace('\\"', "").lower()
 
-        if "isadmin" in query:
-            return None
-        if "issuperuser" in query:
-            return None
-
         return [int(uid) for uid in findall(exp, query)]
 
     @wraps(f)

diff --git a/bd_api/custom/model.py b/bd_api/custom/model.py
@@ -4,6 +4,16 @@
 from django.db import models
 from graphql_jwt.decorators import staff_member_required
 
+default_blacklist_fields = [
+    "created_at",
+    "updated_at",
+    "deleted_at",
+    "id",
+    "order",
+    "_field_status",
+]
+default_mutation_decorator = staff_member_required
+
 
 class BaseModel(models.Model):
     """
@@ -12,6 +22,7 @@ class BaseModel(models.Model):
 
     Attributes:
     - graphql_visible: show or hide the model in the documentation
+    - graphql_fields_black_list: list of fields to hide in mutations
     - graphql_mutation_decorator: authentication decorator for mutations
     """
 
@@ -20,13 +31,15 @@ class Meta:
 
     graphql_visible: bool = True
 
-    graphql_mutation_decorator: Callable = staff_member_required
-
-    graphql_filter_fields_whitelist: List[str] = None
+    graphql_fields_whitelist: List[str] = []
+    graphql_fields_blacklist: List[str] = default_blacklist_fields
+    graphql_filter_fields_whitelist: List[str] = []
     graphql_filter_fields_blacklist: List[str] = []
-    graphql_nested_filter_fields_whitelist: List[str] = None
+    graphql_nested_filter_fields_whitelist: List[str] = []
     graphql_nested_filter_fields_blacklist: List[str] = []
 
+    graphql_mutation_decorator: Callable = default_mutation_decorator
+
     @classmethod
     def get_graphql_filter_fields_whitelist(cls) -> List[models.Field]:
         """