GraphQL policy - accessing user

al_dev · August 13, 2022, 4:03pm

System Information

Strapi Version: 4.3.3
Operating System: OSX
Database: MySQL
Node Version: 14.19.3
NPM Version:
Yarn Version: 1.22.19

I’m having a hard time implementing isOwner in GraphQL.
Would prefer to be global vs per entity, but have done this so far - been searching docs and can’t find anything.

Help greatly appreciated.

If there a way to apply to all GraphQL queries or does it need to be specified for each one

//./src/index.js
const fund = require("./api/fund/routes/fund");

module.exports = {
  register({ strapi }) {
    const extensionService = strapi.plugin("graphql").service("extension");

    extensionService.use({
      resolversConfig: {
        "Query.currencies": {
          policies: [
            (context, config, { strapi }) => {
              console.dir(context.state);
              return true; //trivial example
            },
          ],
          auth: false,
        },
      },
    });
  },
};

But all I get back for context.state is:

{
  route: { info: { type: 'content-api' } },
  isAuthenticated: true,
  auth: {
    strategy: {
      name: 'users-permissions',
      authenticate: [AsyncFunction: authenticate],
      verify: [AsyncFunction: verify]
    },
    credentials: null
  }
}

al_dev · August 13, 2022, 9:33pm

Well if anyone comes across this…
If you don’t set an authorization header (Bearer) there will be no user.

Seems kind of obvious when I actually write this down

NilsMich · August 11, 2023, 11:44am

I had the same issue. Did not work for me even in the playground.

Place the following in the HTTP Headers section using the exact syntax worked for me.

{
  "Authorization":"Bearer REPLACE_WITH_YOUR_TOKEN"
}

Make sure there is no comma at at the end.