Closed dimaip closed 3 years ago
Another solution would be to somehow define automatic filtering on relations, so User->Organization->Users would return only myself. But that's probably more complicated and looks like a full-blown security layer.
FYI: I'm now building this. Feedback welcome: https://github.com/joindeed/prisma-auth
I need smth like
filterInputs
, but for CLI types generator (pal g).My problem is that I'm trying to secure inverse relations added by Prisma, basically I want to hide all of them from GraphQL. I had an idea to suffix the private fields with and then do smth like `return input.fields.filter((field) => !field.name.endsWith(''))`, but only not for inputs, but for actual type fields themselves.
I know I have
excludeFieldsByModel
, but that'd be very error-prone to blacklist them manually.Or are there any other ways to secure inverse relations? E.g. User->Organization->Users should not show the list of all users in the system.
Another solution would be to somehow define automatic filtering on relations, so User->Organization->Users would return only myself. But that's probably more complicated and looks like a full-blown security layer.