Permissions on types

[patrick91]

I was thinking about having the following two options:

1. Permissions on types
2. Default field permissions on types

Not sure if we need both, worth investigating for sure.

Permission on types

Something like this:

import strawberry

@strawberry.type(permission_classes=[AdminOnly, CurrentUser])
class User:
    id: strawberry.ID
    email: str

For this to work we need to hook into the resolvers and make sure we check the permissions of the returned object.

I see some complexity with interfaces and unions.

Also we might need to think about pre/post permissions (permission that run before the resolver and permissions that run after)

Default field permissions on types

This might be easier to implement, and it would look like this:

import strawberry

@strawberry.type(default_field_permission_classes=[AdminOnly, CurrentUser])
class User:
    id: strawberry.ID
    email: str
    name: str = strawberry.field(permission_classes=[])

(I don't like the long name)

This would basically change the permission classes for all the fields of this class, unless they already have a permission classes list set.

For something I'm working on this would be more useful than the first option.

I'm interested in people's opinion, I'd love to know what you think it's better to have :D

[XChikuX]

default_permissions should suffice

The rest is intuitive. Nothing other than the fields could have the permisson.

Add in the docs that you can only pass permission classes. Should be clear as day!