This application demonstrates how we can use Flask to build a GraphQL API that can create and return flexible and meaningful data and then leverage that data setup to assign on-the-fly permissions to users using attribute-based access control and graph-based access control.
First we'll setup our backend using Flask and an SQLite database. Next we'll bring in GraphQL to build an API that will allow us to interact with quidditch teams, players, and games. Finally we'll see how we can use Auth0 rules to integrate the different access control models.
For more background and a step-by-step, check out the accompanying article: Dynamic Authorization with GraphQL and Rules!
First install Python if it's not already on your machine (Python 3 in this example).
Next clone this repo and enter into the root folder.
git clone https://github.com/hollylawly/flask-graphql-quidditch-manager
cd flask-graphql-quidditch-manager
Setup a virtual environment (not necessary, but recommended) so that the dependencies are all together and there are no conflicts.
For Mac/Linux:
python3 -m venv env
For Windows:
py -3 -m venv env
Activate the virtual environment
For Windows:
env\Scripts\activate
Mac or Linux use:
. env/bin/activate
Install our dependencies
pip install -r requirements.txt
Populate the database with our mock data. First open up a Python shell by typing python
in your terminal. Then paste in the following and press enter:
from database import Base, engine, db_session
from models import Team, Player, Game
Base.metadata.create_all(bind=engine)
team1 = Team(name='Gryffindor', rank=1)
db_session.add(team1)
team2 = Team(name='Slytherin', rank=2)
db_session.add(team2)
team3 = Team(name='Ravenclaw', rank=4)
db_session.add(team3)
team4 = Team(name='Hufflepuff', rank=3)
db_session.add(team4)
player1 = Player(name='Harry Potter', year=2, position='Seeker', on_team=team1)
db_session.add(player1)
player2 = Player(name='Draco Malfoy', year=2, position='Seeker', on_team=team2)
db_session.add(player2)
player3 = Player(name='Oliver Wood', year=4, position='Captain', on_team=team1)
db_session.add(player3)
player4 = Player(name='Vincent Crabbe', year=2, position='Beater', on_team=team2)
db_session.add(player4)
player5 = Player(name='Cho Chang', year=2, position='Seeker', on_team=team3)
db_session.add(player5)
player6 = Player(name='Cedric Diggory', year=4, position='Captain', on_team=team4)
db_session.add(player6)
player7 = Player(name='Roger Davies', year=3, position='Captain', on_team=team3)
db_session.add(player7)
player8 = Player(name='Gregory Goyle', year=2, position='Beater', on_team=team2)
db_session.add(player8)
player9 = Player(name='Katie Bell', year=4, position='Chaser', on_team=team1)
db_session.add(player9)
player10 = Player(name='Zacharias Smith', year=3, position='Chaser', on_team=team4)
db_session.add(player10)
game1 = Game(level='Practice', winner_id=1, loser_id=2)
db_session.add(game1)
game2 = Game(level='Practice', winner_id=4, loser_id=1)
db_session.add(game2)
game3 = Game(level='Practice', winner_id=1, loser_id=3)
db_session.add(game3)
game4 = Game(level='Practice', winner_id=2, loser_id=4)
db_session.add(game4)
game5 = Game(level='Practice', winner_id=2, loser_id=3)
db_session.add(game5)
game6 = Game(level='Practice', winner_id=3, loser_id=4)
db_session.add(game6)
game7 = Game(level='First', winner_id=1, loser_id=2)
db_session.add(game7)
game8 = Game(level='First', winner_id=4, loser_id=3)
db_session.add(game8)
game9 = Game(level='Final', winner_id=1, loser_id=4)
db_session.add(game9)
db_session.commit()
Then press ctrl
+ Z
to exit.
Next just start the server with:
python app.py
View the GraphQL IDE at http://localhost:5000/graphql
Paste these on the left-hand side and you can see the result on the right-hand side
{
allPlayers {
edges {
node {
name
position
}
}
}
}
{
getPlayer(name: "Harry Potter") {
name
position
teamName {
name
rank
}
}
}
To exit and deactivate the virtual environment:
deactivate