I am working on a project using GraphQL and graphql-shield for permission management. I want to define a public query that allows access to top-level fields of an entity while restricting access to related and computed fields that are part of PostGraphile.
Here is the schema in my GraphQL server:
`type Query {
persona(id: ID!): Person
}
type Person {
id: ID!
name: String!
lastname: String!
user: User
isAdmin: Boolean # This is a computed field
}
type User {
id: ID!
username: String!
pwd: String!
}`
Problem
I want all fields included in the query, including related fields and computed fields, to be publicly accessible. However, I want to restrict access to computed fields and sensitive data like User.username and User.pwd.
Desired Behavior
I want to avoid declaring permissions for each type and field individually. Instead, I would like to implement a generalized approach where computed fields and sensitive fields are automatically managed based on their types.
For instance, I want to have a rule such as isComputedFieldForUser - permitAccess which would automatically handle access permissions based on the type of field (e.g., computed fields or sensitive fields) without having to manually specify each one.
query { persona(id: "1") { name lastname user { username pwd } isAdmin } }
Question
How can I configure graphql-shield to handle this scenario? Specifically, I want to apply permissions in a generalized way so that computed fields and related fields are managed automatically based on their types, and sensitive fields have restricted access.
I would not like to give permission to each field one by one.
Hi,
I am working on a project using GraphQL and graphql-shield for permission management. I want to define a public query that allows access to top-level fields of an entity while restricting access to related and computed fields that are part of PostGraphile.
Here is the schema in my GraphQL server:
`type Query { persona(id: ID!): Person }
type Person { id: ID! name: String! lastname: String! user: User isAdmin: Boolean # This is a computed field }
type User { id: ID! username: String! pwd: String! }`
Problem
I want all fields included in the query, including related fields and computed fields, to be publicly accessible. However, I want to restrict access to computed fields and sensitive data like User.username and User.pwd. Desired Behavior
I want to avoid declaring permissions for each type and field individually. Instead, I would like to implement a generalized approach where computed fields and sensitive fields are automatically managed based on their types.
For instance, I want to have a rule such as isComputedFieldForUser - permitAccess which would automatically handle access permissions based on the type of field (e.g., computed fields or sensitive fields) without having to manually specify each one.
query { persona(id: "1") { name lastname user { username pwd } isAdmin } }Question How can I configure graphql-shield to handle this scenario? Specifically, I want to apply permissions in a generalized way so that computed fields and related fields are managed automatically based on their types, and sensitive fields have restricted access.
I would not like to give permission to each field one by one.