I'm using nestjs with @nestjs/typeorm and @nestjs/graphql beside some REST API in my backend.
And for authorization, I'm using a token that will be sent to the backend with each request header that will be validated every time and will be used to fetch user permissions.
I can modify the execution context and inject user permissions through the context function of the Graphqlmodule.
@Injectable()
export class gqconf implements GqlOptionsFactory {
createGqlOptions(): ApolloDriverConfig {
return {
context: async ({req, res}) => {
let ctx: CustomContext = {
req,
res,
permissions: [],
}
return (ctx);
},
}
}
}
But I can not modify the original (non-GraphQL) execution context to inject user permissions
Q1. Is there a way to inject user permissions in both the REST execution context and GraphQL execution context? or should I inject permissions in every context separately?
Q2. How to inject permissions in the original REST context?
Also, I want to limit access to a field of typeorm model according to user permissions. This database model will be used as an object type through the @ObjectType decorator, and each desired field to be exposed will use the @Field decorator.
I cannot use a custom decorator over desired field as it throws error.
Q3.I want a way to access the execution context within the database model.
@ObjectType()
@Entity({name: 'appointment', database: 'name'})
export class Appointment extends BaseEntity {
@Field(() => String)
@PrimaryGeneratedColumn('uuid')
id: string;
@Field(() => GraphQLISODateTime)
@Column({name: "date", type: "datetime"})
date: string;
@CHECK_USER_PERMISSION(IF AUTHORIZED => REVEAL FIELD VALUE, IF NOT RETURN NULL) <====
@Field(() => Int)
@Column({name: 'fees', type: "int"})
fees: number;
@Field(() => String, {nullable: true})
@Column({name: 'notes', type: "longtext"})
notes: string;
}
THANKS IN ADVANCE
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745673044a4639522.html
评论列表(0条)