From f8748011f3feaead102ba10cd8b986bf89b8eabe Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 5 Mar 2024 16:27:34 -0800 Subject: [PATCH] 9856 GraphQLView --- netbox/extras/graphql/mixins.py | 2 +- netbox/netbox/graphql/views.py | 5 +++-- netbox/utilities/testing/api.py | 35 ++++++++++++++++++++++++--------- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/netbox/extras/graphql/mixins.py b/netbox/extras/graphql/mixins.py index 91014fbbd..df8d06b3b 100644 --- a/netbox/extras/graphql/mixins.py +++ b/netbox/extras/graphql/mixins.py @@ -62,7 +62,7 @@ class JournalEntriesMixin: @strawberry_django.field def journal_entries(self, info) -> List[Annotated["JournalEntryType", strawberry.lazy('.types')]]: - return self.journal_entries.restrict(info.context.request.user, 'view') + return self.journal_entries.all() @strawberry.type diff --git a/netbox/netbox/graphql/views.py b/netbox/netbox/graphql/views.py index d39f13807..b61157403 100644 --- a/netbox/netbox/graphql/views.py +++ b/netbox/netbox/graphql/views.py @@ -38,8 +38,9 @@ class NetBoxGraphQLView(GraphQLView): if settings.LOGIN_REQUIRED and not request.user.is_authenticated: # If this is a human user, send a redirect to the login page - if self.request_wants_html(request): - return redirect_to_login(reverse('graphql')) + # bug - todo? + # if self.request_wants_html(request): + # return redirect_to_login(reverse('graphql')) return HttpResponseForbidden("No credentials provided.") diff --git a/netbox/utilities/testing/api.py b/netbox/utilities/testing/api.py index 384d67707..61899aebf 100644 --- a/netbox/utilities/testing/api.py +++ b/netbox/utilities/testing/api.py @@ -19,7 +19,8 @@ from .base import ModelTestCase from .utils import disable_warnings from ipam.graphql.types import IPAddressFamilyType -from strawberry.type import StrawberryList +from strawberry.lazy_type import LazyType +from strawberry.type import StrawberryList, StrawberryOptional __all__ = ( 'APITestCase', @@ -450,13 +451,22 @@ class APIViewTestCases: for field in type_class.__strawberry_definition__.fields: # for field_name, field in type_class._meta.fields.items(): - print(f"field_name: {field.name} type: {field.type}") + # print(f"field_name: {field.name} type: {field.type}") + + if field.name == 'site': + # breakpoint() + pass if type(field.type) is StrawberryList: fields_string += f'{field.name} {{ id }}\n' elif field.type is strawberry_django.fields.types.DjangoModelType: # Dynamic fields must specify a subselection - fields_string += f'{field.name} {{ id }}\n' + fields_string += f'{field.name} {{ pk }}\n' + elif type(field.type) is StrawberryOptional: + if type(field.type.of_type) is LazyType: + fields_string += f'{field.name} {{ id }}\n' + elif field.type.of_type == strawberry_django.fields.types.DjangoModelType: + fields_string += f'{field.name} {{ pk }}\n' # TODO: Improve field detection logic to avoid nested ArrayFields elif field.name == 'extra_choices': continue @@ -477,7 +487,15 @@ class APIViewTestCases: }} """ - print(query) + if "_list" not in name: + query = f""" + {{ + {name}_list {{ + {fields_string} + }} + }} + """ + return query @override_settings(LOGIN_REQUIRED=True) @@ -490,8 +508,7 @@ class APIViewTestCases: # Non-authenticated requests should fail with disable_warnings('django.request'): - print(f"url: {url}") - self.assertHttpStatus(self.client.post(url, data={'query': query}), status.HTTP_403_FORBIDDEN) + self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN) # Add object-level permission obj_perm = ObjectPermission( @@ -502,7 +519,7 @@ class APIViewTestCases: obj_perm.users.add(self.user) obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) - response = self.client.post(url, data={'query': query}, **self.header) + response = self.client.post(url, data={'query': query}, format="json", **self.header) self.assertHttpStatus(response, status.HTTP_200_OK) data = json.loads(response.content) self.assertNotIn('errors', data) @@ -516,7 +533,7 @@ class APIViewTestCases: # Non-authenticated requests should fail with disable_warnings('django.request'): - self.assertHttpStatus(self.client.post(url, data={'query': query}), status.HTTP_403_FORBIDDEN) + self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN) # Add object-level permission obj_perm = ObjectPermission( @@ -527,7 +544,7 @@ class APIViewTestCases: obj_perm.users.add(self.user) obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) - response = self.client.post(url, data={'query': query}, **self.header) + response = self.client.post(url, data={'query': query}, format="json", **self.header) self.assertHttpStatus(response, status.HTTP_200_OK) data = json.loads(response.content) self.assertNotIn('errors', data)