more precise permission control

selfprivacy_api/app.py

@@ -23,7 +23,7 @@ from selfprivacy_api.migrations import run_migrations
 
 from selfprivacy_api.utils.auth import is_token_valid
 
-from selfprivacy_api.graphql import schema
+from selfprivacy_api.graphql.schema import schema
 
 swagger_blueprint = get_swaggerui_blueprint(
     "/api/docs", "/api/swagger.json", config={"app_name": "SelfPrivacy API"}

selfprivacy_api/graphql/__init__.py

@@ -1,13 +1,10 @@
 """GraphQL API for SelfPrivacy."""
 # pylint: disable=too-few-public-methods
 import typing
-import strawberry
 from strawberry.permission import BasePermission
 from strawberry.types import Info
 from flask import request
 
-from selfprivacy_api.graphql.queries.api import Api
-from selfprivacy_api.graphql.queries.system import System
 from selfprivacy_api.utils.auth import is_token_valid
 
 class IsAuthenticated(BasePermission):
@@ -23,15 +20,3 @@ class IsAuthenticated(BasePermission):
         if not is_token_valid(auth):
             return False
         return True
-
-
-@strawberry.type
-class Query:
-    """Root schema for queries"""
-    system: System
-    @strawberry.field(permission_classes=[IsAuthenticated])
-    def api(self) -> Api:
-        """API access status"""
-        return Api()
-
-schema = strawberry.Schema(query=Query)

selfprivacy_api/graphql/queries/api.py

@@ -4,6 +4,7 @@ import datetime
 import typing
 from flask import request
 import strawberry
+from selfprivacy_api.graphql import IsAuthenticated
 from selfprivacy_api.utils import parse_date
 
 from selfprivacy_api.utils.auth import (
@@ -74,5 +75,5 @@ def get_recovery_key_status() -> ApiRecoveryKeyStatus:
 class Api:
     """API access status"""
     version: str = strawberry.field(resolver=get_api_version)
-    devices: typing.List[ApiDevice] = strawberry.field(resolver=get_devices)
-    recovery_key: ApiRecoveryKeyStatus = strawberry.field(resolver=get_recovery_key_status)
+    devices: typing.List[ApiDevice] = strawberry.field(resolver=get_devices, permission_classes=[IsAuthenticated])
+    recovery_key: ApiRecoveryKeyStatus = strawberry.field(resolver=get_recovery_key_status, permission_classes=[IsAuthenticated])

selfprivacy_api/graphql/schema.py

@@ -0,0 +1,19 @@
+"""GraphQL API for SelfPrivacy."""
+# pylint: disable=too-few-public-methods
+import typing
+import strawberry
+
+from selfprivacy_api.graphql.queries.api import Api
+from selfprivacy_api.graphql.queries.system import System
+
+
+@strawberry.type
+class Query:
+    """Root schema for queries"""
+    system: System
+    @strawberry.field
+    def api(self) -> Api:
+        """API access status"""
+        return Api()
+
+schema = strawberry.Schema(query=Query)