Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>Authorization of database model field using nestjs @nextjstypeorm @nestjsgraphql - Stack Overflow

    Authorization of database model field using nestjs @nextjstypeorm @nestjsgraphql - Stack Overflow

    matteradmin7PV0评论

    I'm using nestjs with @nestjs/typeorm and @nestjs/graphql beside some REST API in my backend.

    And for authorization, I'm using a token that will be sent to the backend with each request header that will be validated every time and will be used to fetch user permissions.

    I can modify the execution context and inject user permissions through the context function of the Graphqlmodule.

    
@Injectable()
export class gqconf implements GqlOptionsFactory {
   
    createGqlOptions(): ApolloDriverConfig {
        return {
            
            context: async ({req, res}) => {
                let ctx: CustomContext = {
                    req,
                    res,
                    permissions: [],
                }

                return (ctx);
            },

        }

    }

}

    But I can not modify the original (non-GraphQL) execution context to inject user permissions

    Q1. Is there a way to inject user permissions in both the REST execution context and GraphQL execution context? or should I inject permissions in every context separately?

    Q2. How to inject permissions in the original REST context?

    Also, I want to limit access to a field of typeorm model according to user permissions. This database model will be used as an object type through the @ObjectType decorator, and each desired field to be exposed will use the @Field decorator.

    I cannot use a custom decorator over desired field as it throws error.

    Q3.I want a way to access the execution context within the database model.

    @ObjectType()
@Entity({name: 'appointment', database: 'name'})
export class Appointment extends BaseEntity {

    @Field(() => String)
    @PrimaryGeneratedColumn('uuid')
    id: string;

    @Field(() => GraphQLISODateTime)
    @Column({name: "date", type: "datetime"})
    date: string;

    @CHECK_USER_PERMISSION(IF AUTHORIZED => REVEAL FIELD VALUE, IF NOT RETURN NULL) <====
    @Field(() => Int)
    @Column({name: 'fees', type: "int"})
    fees: number;

    @Field(() => String, {nullable: true})
    @Column({name: 'notes', type: "longtext"})
    notes: string;

}

    THANKS IN ADVANCE

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far