Open Source Low-code API development framework Featuring ready-to-go Security and MongoDB API
GNU Affero General Public License v3.0
Add auth GraphQL directive to control field visibility according to auth roles #478
Open
ujibang opened 10 months ago
Brief overview
Enhance GraphQL authorization by providing a field directive to enforce visibility on the basis of the client role.
Rationale
Currently RH allows providing different views to different roles with the so-called multi-schema solution: see https://restheart.org/docs/security/security-hardening#define-role-specific-graphql-applications
A more flexible approach is providing a directive to control field visibility:
See also https://www.graphql-java.com/documentation/field-visibility/
Detailed documentation
TBD