admin管理员组

文章数量:1435859

I'm using nestjs with @nestjs/typeorm and @nestjs/graphql beside some REST API in my backend.

And for authorization, I'm using a token that will be sent to the backend with each request header that will be validated every time and will be used to fetch user permissions.

I can modify the execution context and inject user permissions through the context function of the Graphqlmodule.


@Injectable()
export class gqconf implements GqlOptionsFactory {
   
    createGqlOptions(): ApolloDriverConfig {
        return {
            
            context: async ({req, res}) => {
                let ctx: CustomContext = {
                    req,
                    res,
                    permissions: [],
                }

                return (ctx);
            },

        }

    }

}

But I can not modify the original (non-GraphQL) execution context to inject user permissions

Q1. Is there a way to inject user permissions in both the REST execution context and GraphQL execution context? or should I inject permissions in every context separately?

Q2. How to inject permissions in the original REST context?

Also, I want to limit access to a field of typeorm model according to user permissions. This database model will be used as an object type through the @ObjectType decorator, and each desired field to be exposed will use the @Field decorator.

I cannot use a custom decorator over desired field as it throws error.

Q3.I want a way to access the execution context within the database model.

@ObjectType()
@Entity({name: 'appointment', database: 'name'})
export class Appointment extends BaseEntity {

    @Field(() => String)
    @PrimaryGeneratedColumn('uuid')
    id: string;

    @Field(() => GraphQLISODateTime)
    @Column({name: "date", type: "datetime"})
    date: string;

    @CHECK_USER_PERMISSION(IF AUTHORIZED => REVEAL FIELD VALUE, IF NOT RETURN NULL) <====
    @Field(() => Int)
    @Column({name: 'fees', type: "int"})
    fees: number;

    @Field(() => String, {nullable: true})
    @Column({name: 'notes', type: "longtext"})
    notes: string;

}

THANKS IN ADVANCE

本文标签: Authorization of database model field using nestjs nextjstypeorm nestjsgraphqlStack Overflow

版权声明:本文标题:Authorization of database model field using nestjs @nextjstypeorm @nestjsgraphql - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745673044a2669687.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。