
User tokens#200

Open
u12206050 wants to merge 4 commits into markhuot:user-tokens from u12206050:user-tokens

@u12206050 u12206050 commented Dec 11, 2018


Added permissions for individual entry types, such that some can be public and others private per user.

Limitation: One cannot mix private and public types in the same query, since it will then fall back to only showing entries that the user is the author of.

@u12206050 u12206050 mentioned this pull request Dec 11, 2018
@u12206050

Author

Have updated to support mixed queries!

@u12206050

Author

Added the required headers in order to update the token on each request.

However, I seem to have found a limitation with the user-tokens branch: there is now no anonymous querying functionality, even with a predefined token that I set via the user settings.

Any ideas?

@markhuot

Owner

Hmm, I'll take a peek, but ideally anyone could query {helloWorld} and get something back to validate their install is working correctly.

@u12206050

Author

Seems the best workaround is just generating a "Public" token under /admin/settings/plugins/craftql, since even though it is unique for the admin user, it does not seem to assume the user when checking it as a JWT. Just be sure to limit the scope of the token, e.g. only allowing it to view certain entity types.

On the frontend, if the user is not logged in, use the "Public" token, and then once the user logs in, switch to the new token.

Example as an option within VueApollo:

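```js
/* Non-JWT token generated in admin panel */
const PUBLIC_KEY = "mn60sKaOMHv5aE7nlF91jbGdPBcWALkx"

const apolloOptions = {
  /* ...other VueApollo options... */
  getAuth: () => {
    /* Get user object from local storage (getLsJson is the app's own helper;
       it may return null when nothing has been stored yet) */
    const user = getLsJson('user')
    /* Anonymous visitors get the scoped public token, logged-in users their own */
    return `Bearer ${user && user.loggedIn ? user.token : PUBLIC_KEY}`
  },
  /* ... */
}
```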
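An added example, not part of the comment above or of the CraftQL code base: a token selector that also falls back to the scoped public token when the stored user token is missing, malformed or expired. It assumes the user JWT carries a standard `exp` claim; `PUBLIC_TOKEN`, `authHeader`, `isUsableJwt` and `makeSampleJwt` are hypothetical names, and the sample tokens are constructed.

```javascript
// Assumption: placeholder for the scoped, non-JWT token generated in the plugin settings.
const PUBLIC_TOKEN = 'PUBLIC_TOKEN_PLACEHOLDER'

// Decode the payload segment of a JWT without verifying it (the server verifies).
function decodeJwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : []
  if (parts.length !== 3) return null
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/')
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4)
    return JSON.parse(atob(padded))
  } catch (e) {
    return null // not base64url or not JSON
  }
}

// True only for a well-formed JWT whose exp claim (in seconds) is still in the future.
function isUsableJwt(token, nowMs = Date.now(), skewSec = 30) {
  const payload = decodeJwtPayload(token)
  if (!payload || typeof payload.exp !== 'number') return false
  return payload.exp - skewSec > nowMs / 1000
}

// user is whatever the app stores after login, or null for an anonymous visitor.
function authHeader(user, nowMs = Date.now()) {
  if (user && user.loggedIn && isUsableJwt(user.token, nowMs)) {
    return `Bearer ${user.token}`
  }
  // Anonymous, logged out, or stale token: use the narrowly scoped public token.
  return `Bearer ${PUBLIC_TOKEN}`
}

// Constructed sample: an unsigned header.payload.signature string with a chosen exp.
function makeSampleJwt(expSec) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: '1', exp: expSec })}.constructed-signature`
}
```

The expiry check only decides which token to send; whether a token is accepted remains the server's decision.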
