Skip to content
Snippets Groups Projects
Commit 1794fac4 authored by Nik | Klampfradler's avatar Nik | Klampfradler
Browse files

Merge branch 'graphql-login-required' into 'master'

Require login for GraphQL

See merge request AlekSIS/official/AlekSIS-Core!1076
parents f8c20e78 94888ba8
No related branches found
No related tags found
1 merge request!1076Require login for GraphQL
Pipeline #84694 canceled
......@@ -10,7 +10,6 @@ import calendarweek.django
import debug_toolbar
from ckeditor_uploader import views as ckeditor_uploader_views
from django_js_reverse.views import urls_js
from graphene_django.views import GraphQLView
from health_check.urls import urlpatterns as health_urls
from oauth2_provider.views import ConnectDiscoveryInfoView
from rules.contrib.views import permission_required
......@@ -144,7 +143,7 @@ urlpatterns = [
name="oauth2_provider:authorize",
),
path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
path("graphql/", csrf_exempt(GraphQLView.as_view(graphiql=True)), name="graphql"),
path("graphql/", csrf_exempt(views.PrivateGraphQLView.as_view(graphiql=True)), name="graphql"),
path("__i18n__/", include("django.conf.urls.i18n")),
path(
"ckeditor/upload/",
......
......@@ -45,6 +45,7 @@ from django_celery_results.models import TaskResult
from django_filters.views import FilterView
from django_tables2 import RequestConfig, SingleTableMixin, SingleTableView
from dynamic_preferences.forms import preference_form_builder
from graphene_django.views import GraphQLView
from guardian.shortcuts import GroupObjectPermission, UserObjectPermission, get_objects_for_user
from haystack.generic_views import SearchView
from haystack.inputs import AutoQuery
......@@ -1615,3 +1616,7 @@ class ICalFeedCreateView(PermissionRequiredMixin, AdvancedCreateView):
obj.person = self.request.user.person
obj.save()
return super().form_valid(form)
class PrivateGraphQLView(LoginRequiredMixin, GraphQLView):
"""GraphQL view that requires a valid user session."""
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment