Closed ghost closed 6 years ago
The intention in the https://github.com/exAspArk/graphql-guard/pull/6 was the opposite. Not to prevent accessing introspection types but to "allow introspection queries to skip authorization".
Could you please change the example to something like:
if type.introspection?
->(obj, args, ctx) { true } # of "false" to restrict an access
else
RULES.dig(type, field)
end
?
Sorry. You're right.
@johnunclesam thank you for contributing! 🙌
type.introspection? ? ->(obj, args, ctx) { false } : RULES.dig(type, field)