Apply permission for all queries and mutations #3956
Unanswered
AlexanderKulia
asked this question in
Q&A
Replies: 1 comment 1 reply
-
mmh, that seems like a bug, can you tell me more? does it not show any tracing at all? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
I created another discussion for that topic here |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi. Is there a way to configure a permission that automatically applies to the whole schema?
My API is fully private, not a single query or mutation is meant to be public. Using
strawberry.field(permission_classes=[IsAuthenticated])for every field is a solution, but it's error-prone. If someone in the team forgets to add this permission in a new endpoint, it's automatically a security issueAnother solution would be to use FastAPI and mount Strawberry as a router like so:
app.include_router(graphql_app, prefix="/graphql", dependencies=[Depends(check_auth)])It works, but Sentry integration does not work properly with this setup. It does not recognize anything behind
/graphqlendpoint which makes automatic tracing impossibleBeta Was this translation helpful? Give feedback.
All reactions