| Q | A
| ---------------- | -----
| Bug report? | no
| Feature request? | yes
| BC Break report? | no
| RFC? | yes
| Version/Branch | x.y.z
Setting access expression at query level, and prevent database access if user doesnt have to those queries.
Hi @Lube,
can you give an example to explain the difference between what you asking for and the current access feature please?
@Lube have you tried using the Symfony security layer?
Add a firewall targeting your endpoint
firewalls:
graphql:
pattern: ^/graphql
stateless: true
<YOUR_PROVIDER>: <CONFIG>
Set an access_control
access_control:
- { path: ^/graphql, roles: IS_AUTHENTICATED_FULLY }
I don't know if its related, but i have a problem to get user in resolve property.
I'm fully authenticated for rest routes, but when I attempted to access graphql, user is set anonymous.
It's probably a misconfiguration at symfony level, but maybe you have a suggestion?
Thanks
If I try setting access: "@=isAuthenticated()", i got "Access denied to this field." message.
I have only set this in routing:
overblog_graphql_endpoint:
path: /graphql
defaults:
_controller: OverblogGraphQLBundle:Graph:endpoint
_format: "json"
and in security:
access_control:
- { path: ^/graphql, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: [POST] }
and finally the firewalls:
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/auth/form$
anonymous: true
token:
pattern: ^/token$
security: false
secured:
pattern: ^/
guard:
authenticators:
- acme_superadmin.token_authenticator
- acme_app.token_authenticator
entry_point: acme_app.token_authenticator
saml:
username_attribute: '%sso_saml_username_attribute%'
check_path: /saml/acs
login_path: /saml/login
always_use_default_target_path: true
user_factory: acme_user.user_manipulator
form_login_ldap:
login_path: /#/sign-in
check_path: /auth/login
service: ldap
dn_string: '%ldap_binddn%'
require_previous_session: false
always_use_default_target_path: true
form_login:
login_path: /#/sign-in
check_path: /auth/login
require_previous_session: false
always_use_default_target_path: true
logout:
path: /saml/logout
anonymous: ~
remember_me:
secret: '%secret%'
lifetime: '%remember_me_lifetime%'
Ok, it seems to be a problem with Apollo Client, not Symfony or this bundle. I will put the solution here as soon as i found to pass cookies. Something related to https://github.com/github/fetch/blob/7f71c9bdccedaf65cf91b450b74065f8bed26d36/README.md#sending-cookies
Here the solution for me: http://dev.apollodata.com/angular2/auth.html#Cookie
closing this feel free to reopen if needed...