We have an issue and want to limit permissions for each role.
Is there any way to make GraphQL set permission roles as the REST API does?
Ex: An admin token with the role "sales" can only access the GraphQL APIs of Sales.
I wasn't able to find anything clearly documented regarding this, so here is what I used. Not sure if it's the best way so please let me know!
In the resolver class or interface that handles the GraphQL request:
    // add the dependency to your constructor
    Magento\Framework\AuthorizationInterface
    ...
    // use the authorization to check the resource id set in acl.xml
    // throw exception (or you could return false or do something else)
    if (!$this->authorization->isAllowed('Your_Resource_Id')) {
        throw new \Magento\Framework\Webapi\Exception(__('Forbidden'), 0, 403);
    }
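The check described in the answer above, placed in a complete resolver so that it runs before any data is loaded; this is an added example, not code from the original post or from Magento itself. The module namespace, class name, ACL resource id and `loadReport()` helper are hypothetical, and the user-type check assumes the GraphQL context passed to the resolver identifies admin-token callers through `getUserType()`.

```php
<?php
declare(strict_types=1);

namespace Vendor\SalesGraphQl\Model\Resolver; // hypothetical module

use Magento\Authorization\Model\UserContextInterface;
use Magento\Framework\AuthorizationInterface;
use Magento\Framework\GraphQl\Config\Element\Field;
use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
use Magento\Framework\GraphQl\Query\ResolverInterface;
use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;

class SalesReport implements ResolverInterface
{
    // Hypothetical ACL resource id; it has to be declared in the module's etc/acl.xml
    // and granted to the "sales" role in the admin panel.
    private const ACL_RESOURCE = 'Vendor_SalesGraphQl::sales_report';

    private AuthorizationInterface $authorization;

    public function __construct(AuthorizationInterface $authorization)
    {
        $this->authorization = $authorization;
    }

    public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null)
    {
        // Fail closed: both checks run before anything is read from the database.
        // 1. Only admin callers are considered at all (assumption: the context
        //    reports admin tokens as USER_TYPE_ADMIN).
        if ((int) $context->getUserType() !== UserContextInterface::USER_TYPE_ADMIN) {
            throw new GraphQlAuthorizationException(__('Forbidden'));
        }
        // 2. The caller's role must have been granted the ACL resource.
        if (!$this->authorization->isAllowed(self::ACL_RESOURCE)) {
            throw new GraphQlAuthorizationException(__('Forbidden'));
        }

        return $this->loadReport($args ?? []);
    }

    // Placeholder for the real data access of this example resolver.
    private function loadReport(array $args): array
    {
        return ['items' => []];
    }
}
```

Confirm the check is actually enforced by calling the query with a token whose role does not include the resource and verifying that the response is an authorization error rather than data.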