Permissions classes now use a FieldExtension. The new preferred way to add permissions
is to use the PermissionsExtension class:
import strawberry
from strawberry.permission import PermissionExtension, BasePermission
class IsAuthorized(BasePermission):
message = "User is not authorized"
error_extensions = {"code": "UNAUTHORIZED"}
def has_permission(self, source, info, **kwargs) -> bool:
return False
@strawberry.type
class Query:
@strawberry.field(extensions=[PermissionExtension(permissions=[IsAuthorized()])])
def name(self) -> str:
return "ABC"The old way of adding permissions using permission_classes is still
supported via the automatic addition of a PermissionExtension on the field.
Using the new PermissionExtension API, permissions support even more features:
Silent errors
To return None or [] instead of raising an error, the fail_silently keyword
argument on PermissionExtension can be set to True.
Custom Error Extensions & classes
Permissions will now automatically add pre-defined error extensions to the error, and
can use a custom GraphQLError class. This can be configured by modifying
the error_class and error_extensions attributes on the BasePermission class.
Customizable Error Handling
To customize the error handling, the on_unauthorized method on
the BasePermission class can be used. Further changes can be implemented by
subclassing the PermissionExtension class.
Schema Directives
Permissions will automatically be added as schema directives to the schema. This
behavior can be altered by setting the add_directives to False
on PermissionExtension, or by setting the _schema_directive class attribute of the
permission to a custom directive.
Releases contributed by @erikwrede via #2570