bdunogier / ezplatform-graphql-bundle

GraphQL server for eZ Platform, the open source Symfony CMS.

Support for permissions? #13

Open janit opened 6 years ago

janit commented 6 years ago

Since GraphQL is so liberal in telling the world about its capabilities it is easy to expose data by accident. While permissions for accessing content in the eZ Platform should be limited, often permissions are more lax than they should be. People are lazy, and developers even more so.

I think adding permission limitation for individual queries could help this and further simplify the experience for API consumers as well. A simple limitation policy could set which endpoints are accessible to users. More granular permissions would likely be overkill and should be left up to the repository.

I am not even sure if it is ok by GraphQL spec to serve a different schema per user, but something along these lines would make it easy to prevent leaking user data, even if the repository permissions would allow access.

bdunogier commented 6 years ago

What do you mean by "for individual queries"? GraphQL queries? How would you specify which are restricted?

janit commented 6 years ago

Individual Queries exposed from the repository by the bundle. Access to these individual functions would be done using the eZ Platform permissions system using a policy with a set of limitations.

In the GUI, the GraphQL Module (not sure how the lingo should be now) would allow setting a policy with the following limitations (matching whatever the complete GraphQL functionality is):

This would make it easy to limit access to anonymous users to only have access to location, content and locationChildren, for example. The schema sent to an anonymous user would then only contain the following GraphQL Queries:
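A small model of the policy-with-limitations idea described in this comment, added here as an illustration and not code from the bundle (which is PHP): one per-role allow-list of root Query fields drives both the schema a role is shown and a server-side check on the root fields a submitted document actually selects, so a query that names a hidden field is refused even if the repository would have returned the content. The field signatures, the POLICY table, the role names and the sample queries are constructed for this example.

```python
import re
# Constructed root Query fields standing in for what the bundle exposes (signatures are illustrative).
FULL_QUERY_FIELDS = {
    "content": "content(id: Int!): Content",
    "location": "location(id: Int!): Location",
    "locationChildren": "locationChildren(id: Int!): [Location]",
    "users": "users: [User]",
}
# Constructed policy: role -> root fields it may use (the "limitation" on a GraphQL policy).
POLICY = {"anonymous": {"location", "content", "locationChildren"},
          "editor": set(FULL_QUERY_FIELDS)}
_TOKEN = re.compile(r"[A-Za-z_]\w*|[(){}:]")   # names and the punctuation that matters here

def schema_for_role(role):
    """Query type SDL as this role sees it: denied fields are absent, so introspection never lists them."""
    sigs = [f"  {s}" for n, s in FULL_QUERY_FIELDS.items() if n in POLICY.get(role, set())]
    return "type Query {\n" + "\n".join(sigs) + "\n}"

def root_fields(query):
    """Root-level field names (real names, not aliases) a document selects.
    Fragments and directives are out of scope, so they are rejected rather than misread."""
    if "..." in query or "@" in query:
        raise ValueError("fragments and directives are not supported")
    body = query[query.index("{") + 1:]           # drop any 'query Name($var: T)' header
    names, depth, parens = [], 0, 0
    for tok in _TOKEN.findall(body):
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens:
            continue                              # argument names and values are not fields
        elif tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth < 0:                         # closing brace of the root selection set
                break
        elif depth == 0:
            if tok == ":":
                names.pop()                       # the previous token was an alias, not a field
            else:
                names.append(tok)
    return names

def authorize(role, query):
    """Server-side gate: (allowed, offending root fields) under the role's limitation."""
    denied = [f for f in root_fields(query) if f not in POLICY.get(role, set())]
    return (not denied, denied)
```

The schema filter alone is not enough, because a client can still post a hand-written query for a field it was never shown; `authorize` is the check that closes that gap.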

bdunogier commented 6 years ago

I've done some research & prototyping, see #65.

janit commented 5 years ago

This is what I wanted originally :) It is a good way to make sure unwanted items (such as users, etc.) are not exposed via the API due to lax content reading permissions.