mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

9856 GraphQLView

Browse Source
This commit is contained in:
Arthur
2024-03-05 16:27:34 -08:00
parent 14f04453bb
commit f8748011f3
3 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
netbox/extras/graphql/mixins.py
View File

@ -62,7 +62,7 @@ class JournalEntriesMixin:
@strawberry_django.field @strawberry_django.field
def journal_entries(self, info) -> List[Annotated["JournalEntryType", strawberry.lazy('.types')]]: def journal_entries(self, info) -> List[Annotated["JournalEntryType", strawberry.lazy('.types')]]:
return self.journal_entries.restrict(info.context.request.user, 'view') return self.journal_entries.all()
@strawberry.type @strawberry.type

5
netbox/netbox/graphql/views.py
View File

@ -38,8 +38,9 @@ class NetBoxGraphQLView(GraphQLView):
if settings.LOGIN_REQUIRED and not request.user.is_authenticated: if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
# If this is a human user, send a redirect to the login page # If this is a human user, send a redirect to the login page
if self.request_wants_html(request): # bug - todo?
return redirect_to_login(reverse('graphql')) # if self.request_wants_html(request):
# return redirect_to_login(reverse('graphql'))
return HttpResponseForbidden("No credentials provided.") return HttpResponseForbidden("No credentials provided.")

35
netbox/utilities/testing/api.py
View File

@ -19,7 +19,8 @@ from .base import ModelTestCase
from .utils import disable_warnings from .utils import disable_warnings
from ipam.graphql.types import IPAddressFamilyType from ipam.graphql.types import IPAddressFamilyType
from strawberry.type import StrawberryList from strawberry.lazy_type import LazyType
from strawberry.type import StrawberryList, StrawberryOptional
__all__ = ( __all__ = (
'APITestCase', 'APITestCase',
@ -450,13 +451,22 @@ class APIViewTestCases:
for field in type_class.__strawberry_definition__.fields: for field in type_class.__strawberry_definition__.fields:
# for field_name, field in type_class._meta.fields.items(): # for field_name, field in type_class._meta.fields.items():
print(f"field_name: {field.name} type: {field.type}") # print(f"field_name: {field.name} type: {field.type}")
if field.name == 'site':
# breakpoint()
pass
if type(field.type) is StrawberryList: if type(field.type) is StrawberryList:
fields_string += f'{field.name} {{ id }}\n' fields_string += f'{field.name} {{ id }}\n'
elif field.type is strawberry_django.fields.types.DjangoModelType: elif field.type is strawberry_django.fields.types.DjangoModelType:
# Dynamic fields must specify a subselection # Dynamic fields must specify a subselection
fields_string += f'{field.name} {{ id }}\n' fields_string += f'{field.name} {{ pk }}\n'
elif type(field.type) is StrawberryOptional:
if type(field.type.of_type) is LazyType:
fields_string += f'{field.name} {{ id }}\n'
elif field.type.of_type == strawberry_django.fields.types.DjangoModelType:
fields_string += f'{field.name} {{ pk }}\n'
# TODO: Improve field detection logic to avoid nested ArrayFields # TODO: Improve field detection logic to avoid nested ArrayFields
elif field.name == 'extra_choices': elif field.name == 'extra_choices':
continue continue
@ -477,7 +487,15 @@ class APIViewTestCases:
}} }}
""" """
print(query) if "_list" not in name:
query = f"""
{{
{name}_list {{
{fields_string}
}}
}}
"""
return query return query
@override_settings(LOGIN_REQUIRED=True) @override_settings(LOGIN_REQUIRED=True)
@ -490,8 +508,7 @@ class APIViewTestCases:
# Non-authenticated requests should fail # Non-authenticated requests should fail
with disable_warnings('django.request'): with disable_warnings('django.request'):
print(f"url: {url}") self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
self.assertHttpStatus(self.client.post(url, data={'query': query}), status.HTTP_403_FORBIDDEN)
# Add object-level permission # Add object-level permission
obj_perm = ObjectPermission( obj_perm = ObjectPermission(
@ -502,7 +519,7 @@ class APIViewTestCases:
obj_perm.users.add(self.user) obj_perm.users.add(self.user)
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
response = self.client.post(url, data={'query': query}, **self.header) response = self.client.post(url, data={'query': query}, format="json", **self.header)
self.assertHttpStatus(response, status.HTTP_200_OK) self.assertHttpStatus(response, status.HTTP_200_OK)
data = json.loads(response.content) data = json.loads(response.content)
self.assertNotIn('errors', data) self.assertNotIn('errors', data)
@ -516,7 +533,7 @@ class APIViewTestCases:
# Non-authenticated requests should fail # Non-authenticated requests should fail
with disable_warnings('django.request'): with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(url, data={'query': query}), status.HTTP_403_FORBIDDEN) self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
# Add object-level permission # Add object-level permission
obj_perm = ObjectPermission( obj_perm = ObjectPermission(
@ -527,7 +544,7 @@ class APIViewTestCases:
obj_perm.users.add(self.user) obj_perm.users.add(self.user)
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
response = self.client.post(url, data={'query': query}, **self.header) response = self.client.post(url, data={'query': query}, format="json", **self.header)
self.assertHttpStatus(response, status.HTTP_200_OK) self.assertHttpStatus(response, status.HTTP_200_OK)
data = json.loads(response.content) data = json.loads(response.content)
self.assertNotIn('errors', data) self.assertNotIn('errors', data)