|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
namespace GraphQLAPI\GraphQLAPI\Config; |
|
6
|
|
|
|
|
7
|
|
|
use PoP\Engine\TypeResolvers\RootTypeResolver; |
|
8
|
|
|
use PoP\Root\Component\PHPServiceConfigurationTrait; |
|
9
|
|
|
use GraphQLAPI\GraphQLAPI\Security\UserAuthorization; |
|
10
|
|
|
use PoP\Root\Container\ContainerBuilderUtils; |
|
11
|
|
|
use PoP\AccessControl\Services\AccessControlManagerInterface; |
|
12
|
|
|
use PoPSchema\UserRolesAccessControl\Services\AccessControlGroups as UserRolesAccessControlGroups; |
|
13
|
|
|
|
|
14
|
|
|
class ServiceConfiguration |
|
15
|
|
|
{ |
|
16
|
|
|
use PHPServiceConfigurationTrait; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Validate that only the right users can access private fields |
|
20
|
|
|
* |
|
21
|
|
|
* @return void |
|
22
|
|
|
*/ |
|
23
|
|
|
protected static function configure() |
|
24
|
|
|
{ |
|
25
|
|
|
self::configureAccessControl(); |
|
26
|
|
|
} |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* Validate that only the right users can access private fields |
|
30
|
|
|
* |
|
31
|
|
|
* @return void |
|
32
|
|
|
*/ |
|
33
|
|
|
protected static function configureAccessControl(): void |
|
34
|
|
|
{ |
|
35
|
|
|
$schemaEditorAccessCapability = UserAuthorization::getSchemaEditorAccessCapability(); |
|
36
|
|
|
$capabilities = [$schemaEditorAccessCapability]; |
|
37
|
|
|
ContainerBuilderUtils::injectValuesIntoService( |
|
38
|
|
|
AccessControlManagerInterface::class, |
|
39
|
|
|
'addEntriesForFields', |
|
40
|
|
|
UserRolesAccessControlGroups::CAPABILITIES, |
|
41
|
|
|
[ |
|
42
|
|
|
[RootTypeResolver::class, 'accessControlLists', $capabilities], |
|
43
|
|
|
[RootTypeResolver::class, 'cacheControlLists', $capabilities], |
|
44
|
|
|
[RootTypeResolver::class, 'fieldDeprecationLists', $capabilities], |
|
45
|
|
|
] |
|
46
|
|
|
); |
|
47
|
|
|
} |
|
48
|
|
|
} |
|
49
|
|
|
|
GraphQLAPI /
graphql-api-for-wp
