Closed jonasled closed 2 years ago
Hi @jonasled :)
I'm not sure I really understand. Do you mean that the access: "@=hasRole('ROLE_ADMIN')"
is ignored when using batching?
From your screenshots, I don't see any particular problem as the - { path: ^/api/graphql/batch, roles: ROLE_USER }
kicks first if the user is not connected, then the access
should be checked.
Do you mind yo clarify?
yes, the hasRole
is ignored. The entry in the security.yaml was only for testing, there is a active session with the admin and the user role, which also works for other endpoints (e.g. the graphql endpoint without batching). Only on the batching endpoint this is not working.
OK, problem found it was my fault. The apollo Angular module doesn't include the session cookie
Hi, I have a symfony project with the security component and the graphQLBundle. For the single query endpoint everything is working fine, but with the batching endpoint the role check isn't working. Below is my configuration.
Query.types.yaml:
graphql.yaml:
security.yaml: