Refactor SQLAlchemyConnectionField to use SQLAlchemyObjectType.get_query()

[lyschoening]

Right now, SQLAlchemyConnectionField uses the get_query() implementation in graphene_sqlalchemy.utils. The same code is in SQLAlchemyObjectType.

https://github.com/graphql-python/graphene-sqlalchemy/blob/1d353f71f4ff256dcf69a7a13a27e4865282b044/graphene_sqlalchemy/fields.py#L18-L20

https://github.com/graphql-python/graphene-sqlalchemy/blob/1d353f71f4ff256dcf69a7a13a27e4865282b044/graphene_sqlalchemy/types.py#L146-L149

This means that if someone wants to update the query for an SQLAlchemyObjectType, e.g. to implement permissions restrictions, they have to subclass not only SQLAlchemyObjectType but also SQLAlchemyConnectionField.

I suggest refactoring SQLAlchemyConnectionField to re-use the get_query() implementation of the SQLAlchemyObjectType it wraps. I'm willing to look into creating a PR if there is interest.

[exit99]

Seems to me like this is the responsibility of the request handler. If you want global permissions add them to the graphene middleware: http://docs.graphene-python.org/en/latest/execution/middleware/

result = schema.execute('THE QUERY', middleware=[AuthorizationMiddleware()])

For a lot of people that is probably in flask-graphql here: https://github.com/graphql-python/flask-graphql/blob/ab5831f4f1dd6c0840c5fbd86d9dfd6180d25b21/flask_graphql/graphqlview.py#L23

If you want more robust control over the individual ObjectTypes, that is what the resolve_XXX method is for on the query. Subclassing the ObjectType is redundant.