Prisma|Native Authenticate Method

Given the following schema:

type Query {
  vehicles(dealership: ID!): [Vehicle!]!
}

type Mutation {
  updateVehicleAskingPrice(id: ID!, askingPrice: Int!): Vehicle
}

type Vehicle {
  id: ID!
  year: Int!
  make: String!
  model: Int!
  askingPrice: Float
  costBasis: Float
  numberOfOffers: Int
}

type User {
  id: ID!
  name: String!
  role: String!
}

  • updateVehicleAskingPrice: should only be callable by managers
  • costBasis: restricted to managers
  • numberOfOffers: available to authenticated users
const Mutation = {
  updateVehicleAskingPrice: async (parent, { id, askingPrice }, context, info) => {
    // getUserId is not defined on this page; it is assumed to return the id of the authenticated caller
    const userId = getUserId(context)
    // Look up the user's role to check whether they are a manager
    const isRequestingUserManager = await context.db.exists.User({
      id: userId,
      role: `MANAGER`
    })
    if (isRequestingUserManager) {
      return await context.db.mutation.updateVehicle({
        where: { id },
        data: { askingPrice }
      })
    }
    throw new Error(
      `Invalid permissions, you must be a manager to update vehicle asking price`
    )
  }
}

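This uses the exists function to check whether a User with the caller's id and the MANAGER role exists before the update is performed.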

Field-level authorization

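const Query = {
  vehicles: async (parent, args, context, info) => {
    // The schema names this argument `dealership`, so read args.dealership (args.id is undefined)
    const vehicles = await context.db.query.vehicles({
      where: { dealership: args.dealership }
    })
    // getUser is not defined on this page; it is assumed to return the authenticated user, or null
    const user = getUser(context)

    return vehicles.map(vehicle => ({
      ...vehicle,
      // Exact match: a substring test such as includes() would also accept any role name containing MANAGER
      costBasis:
        user && user.role === `MANAGER` ? vehicle.costBasis : null,
      numberOfOffers: user ? vehicle.numberOfOffers : null
    }))
  }
}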
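
The field rules listed above can also be kept in one policy table that denies by default, so a field added to Vehicle later is hidden until someone classifies it. This is an added example, not code from the original page; FIELD_POLICY, canRead, maskVehicle, the sample data, the internalNotes field and the ASSISTANT_MANAGER role are all assumptions made for illustration.

```javascript
// Added example (not from the original page): a deny-by-default read policy
// for the Vehicle fields listed in the schema above.
const FIELD_POLICY = new Map([
  ['id', 'public'], ['year', 'public'], ['make', 'public'],
  ['model', 'public'], ['askingPrice', 'public'],
  ['numberOfOffers', 'authenticated'], // any logged-in user
  ['costBasis', 'manager']             // MANAGER role only
])

// Decide whether `user` (null when unauthenticated) may read at `level`.
function canRead(level, user) {
  switch (level) {
    case 'public': return true
    case 'authenticated': return user != null
    case 'manager': return user != null && user.role === 'MANAGER'
    default: return false // field missing from the policy: deny
  }
}

// Return a copy of `vehicle` with every field the user may not read set to null.
function maskVehicle(vehicle, user) {
  const masked = {}
  for (const [field, value] of Object.entries(vehicle)) {
    masked[field] = canRead(FIELD_POLICY.get(field), user) ? value : null
  }
  return masked
}

// Constructed sample data (assumption, not from the page).
const sampleVehicle = {
  id: 'v1', year: 2017, make: 'Ford', model: 150,
  askingPrice: 31000, costBasis: 24500, numberOfOffers: 3,
  internalNotes: 'hypothetical field added later, not yet in the policy'
}
const manager = { id: 'u1', name: 'Ana', role: 'MANAGER' }
// Hypothetical role whose name merely contains MANAGER.
const assistant = { id: 'u2', name: 'Bo', role: 'ASSISTANT_MANAGER' }

// Mask the same vehicle for three kinds of caller.
function demo() {
  return {
    anonymous: maskVehicle(sampleVehicle, null),
    assistant: maskVehicle(sampleVehicle, assistant),
    manager: maskVehicle(sampleVehicle, manager)
  }
}
```

In a resolver this would replace the inline map callback: vehicles.map(v => maskVehicle(v, user)).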