refactor: Permissions using Field Extensions

[erikwrede]

• feat: add field extension support
• fix: revert imports broken by pycharm
• [pre-commit.ci] auto fixes from pre-commit.com hooks
• fix: match error message on test
• chore: refactor & add RELEASE.md
• chore: make mypy happy
• feat(draft): add permission extension

Description

blocked by #2168

Closes #244
Closes #2454

Types of Changes

• Core
• Bugfix
• New feature
• Enhancement/optimization
• Documentation

Issues Fixed or Closed by This PR

Checklist

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• I have tested the changes and verified that they work and don't break anything (as well as I can manage).

[codecov]

Codecov Report

Merging #2570 (6305e7d) into main (5b5b717) will increase coverage by 0.01%.
The diff coverage is 99.07%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2570      +/-   ##
==========================================
+ Coverage   96.59%   96.61%   +0.01%     
==========================================
  Files         482      483       +1     
  Lines       29988    30161     +173     
  Branches     3702     3726      +24     
==========================================
+ Hits        28967    29140     +173     
+ Misses        834      832       -2     
- Partials      187      189       +2     

[botberry]

Thanks for adding the RELEASE.md file!

Here's a preview of the changelog:

---

Permissions classes now use a FieldExtension. The new preferred way to add permissions
is to use the PermissionsExtension class:

import strawberry
from strawberry.permission import PermissionExtension, BasePermission


class IsAuthorized(BasePermission):
    message = "User is not authorized"
    error_extensions = {"code": "UNAUTHORIZED"}

    def has_permission(self, source, info, **kwargs) -> bool:
        return False


@strawberry.type
class Query:
    @strawberry.field(extensions=[PermissionExtension(permissions=[IsAuthorized()])])
    def name(self) -> str:
        return "ABC"

The old way of adding permissions using permission_classes is still
supported via the automatic addition of a PermissionExtension on the field.

Using the new PermissionExtension API, permissions support even more features:

Silent errors

To return None or [] instead of raising an error, the fail_silently keyword
argument on PermissionExtension can be set to True.

Custom Error Extensions & classes

Permissions will now automatically add pre-defined error extensions to the error, and
can use a custom GraphQLError class. This can be configured by modifying
the error_class and error_extensions attributes on the BasePermission class.

Customizable Error Handling

To customize the error handling, the on_unauthorized method on
the BasePermission class can be used. Further changes can be implemented by
subclassing the PermissionExtension class.

Schema Directives

Permissions will automatically be added as schema directives to the schema. This
behavior can be altered by setting the add_directives to False
on PermissionExtension, or by setting the _schema_directive class attribute of the
permission to a custom directive.

Here's the tweet text:

🆕 Release (next) is out! Thanks to Erik Wrede for the PR 👏

Get it here 👉 https://beta.strawberry.rocks/release/(next)

[jkimbo]

This is awesome @erikwrede ! Much better than I could have done.

[cpsnowden]

Is there a time frame on this feature? Super excited by having authorization self-documenting on the schema

[erikwrede]

@cpsnowden going to /cc @patrick91 on this, IIRC the work on this is done and this is ready for merge

[patrick91]

left some initial comments :)

[codspeed-hq]

CodSpeed Performance Report

Merging #2570 will not alter performance

_{Comparing erikwrede:2168-permission-field-extension (6305e7d) with main (5b5b717)}

Summary

✅ 12 untouched benchmarks

[erikwrede]

@patrick91 Py3.12 tests fail with this:

nox > Error: python is not installed into the virtualenv, it is located at /opt/hostedtoolcache/Python/3.11.5/x64/bin/python. Pass external=True into run() to explicitly allow this.

any idea? 👀

[patrick91]

@patrick91 Py3.12 tests fail with this:

nox > Error: python is not installed into the virtualenv, it is located at /opt/hostedtoolcache/Python/3.11.5/x64/bin/python. Pass external=True into run() to explicitly allow this.

any idea? 👀

Ah yes, this happens once in a while, not sure why, it is fine to retry them 😊

[XChikuX]

@patrick91 @erikwrede Are we ready to merge this?

I'm planning to start implementing permissions and I'd prefer to start with the new way.

[erikwrede]

@XChikuX sorry for the delay, I didn't find any time to talk this through with patrick the last weeks. Trying to get it done this month. Does that work 4 u?

[XChikuX]

I can't, in good conscience ask you to work faster 😁

I appreciate all the work you've put into the PR. Get it out at your time, I was mostly curious why it hasn't been merged.

I'll refactor my code later as necessary.

[wlaub]

I'm suddenly getting snake case argument names instead of camel case in the kwargs passed to has_permissions. Is this an intentional change? I don't see it listed on the breaking changes page, but it's breaking some things. I can fix it locally, but it would be useful to know whether the change was intentional or whether it's likely to be reverted in the future.

[patrick91]

@wlaub sorry for the late reply, I've opened a PR to update the release notes for this: #3371