
Comments (3)

rasmusjp commented on June 9, 2024

Whoops, linked the wrong issue

from umbraco-graphql.

PeteDuncanson commented on June 9, 2024

Ok I'm getting somewhere with this so time for an update. So far I've got two database tables:

Accounts - contains information about an account that can access your data, you can create multiple accounts and store an access token with each, disable them, give them a friendly name etc. Currently we always ship with a Default account which has no permissions by default.

AccountSettings - this stores a row per property per doctype with a FK on AccountId. We only store rows you have access to (at least that's the current thinking), if it's not listed then you don't have access to it. This means if you add new fields to a doctype later they will be private by default and you will have to opt in to make them visible.

Next query is how best to pass this token around? Currently I've got it working via a query string param but GraphiQL out of the box doesn't support this so I'm looking at other methods. The logical one while allowing GraphiQL to be used is to actually pass it in as part of the query but I'm not sure how this will play nice as yet so held off it.

This led on to another line of thinking about bigger things such as CORS and JWT tokens etc. I got to thinking about how the REST API for Umbraco handles all this stuff so went and had a poke around (https://github.com/umbraco/UmbracoRestApi/blob/master/src/Umbraco.RestApi/Security/UmbracoAuthorizationServerProvider.cs)

Seems it sort of does handle it and also doesn't. It assumes that you have to be logged in to the back office (and it gives you an endpoint to do that) and then uses all the back office logic to limit your start nodes, which sections you can see, etc. Trouble is that isn't very granular so I think we need to do more.

For now though I simply want to get the option of not being able to see everything up and running. Basically set up a default account that has default permissions and then you can opt in to allow fields to be visible. As we've got the database tables in place I'm keen to use those and I might manually add in the field names for starters until we can get a UI on it.

from umbraco-graphql.
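
The default-deny model described in the comment above, sketched as an added example (not code from the thread or from umbraco-graphql). The column names, the hashing of stored tokens, and the fallback of missing, unknown or disabled tokens to the Default account are assumptions.

```python
import hashlib
import sqlite3

SCHEMA = """
CREATE TABLE Accounts (Id INTEGER PRIMARY KEY, Name TEXT NOT NULL,
    TokenHash TEXT UNIQUE, Enabled INTEGER NOT NULL DEFAULT 1);
CREATE TABLE AccountSettings (AccountId INTEGER NOT NULL REFERENCES Accounts(Id),
    DocType TEXT NOT NULL, Property TEXT NOT NULL,
    PRIMARY KEY (AccountId, DocType, Property));
"""

def _hash(token):
    # Assumption: only a SHA-256 of the token is stored, never the raw value.
    return hashlib.sha256(token.encode()).hexdigest()

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: Default has no token and no AccountSettings rows.
    db.execute("INSERT INTO Accounts VALUES (1, 'Default', NULL, 1)")
    db.execute("INSERT INTO Accounts VALUES (2, 'Mobile app', ?, 1)", (_hash("tok-mobile"),))
    db.execute("INSERT INTO Accounts VALUES (3, 'Old partner', ?, 0)", (_hash("tok-old"),))
    db.executemany(
        "INSERT INTO AccountSettings VALUES (?, ?, ?)",
        [(2, "blogPost", "title"), (2, "blogPost", "body"), (3, "blogPost", "title")])
    return db

def allowed_properties(db, token, doctype):
    """Return the properties the caller may read; an empty set means no access."""
    row = None
    if token:
        row = db.execute(
            "SELECT Id FROM Accounts WHERE TokenHash = ? AND Enabled = 1",
            (_hash(token),)).fetchone()
    if row is None:
        # Missing, unknown or disabled token: fall back to the Default account.
        row = db.execute(
            "SELECT Id FROM Accounts WHERE Name = 'Default' AND Enabled = 1").fetchone()
    if row is None:
        return set()
    rows = db.execute(
        "SELECT Property FROM AccountSettings WHERE AccountId = ? AND DocType = ?",
        (row[0], doctype))
    return {r[0] for r in rows}

def filter_document(db, token, doctype, document):
    """Drop every field that has no AccountSettings row for this account."""
    allowed = allowed_properties(db, token, doctype)
    return {k: v for k, v in document.items() if k in allowed}
```

A field added to a doctype later has no AccountSettings row, so it is filtered out for every account until someone opts it in.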

rasmusjp commented on June 9, 2024

Hi

Just wanted to let you know that the project is moving to the Umbraco Community GitHub organisation, so we are closing all existing issues.

If you think your issue is still relevant, please feel free to reopen it.

/Rasmus
