strawberry-graphql / strawberry-sqlalchemy

A SQLAlchemy Integration for strawberry-graphql
MIT License

Add `__include__` to explicitly define exposed fields. #110

Open foxyblocks opened 9 months ago

foxyblocks commented 9 months ago

Feature Request Type

Description

I see that the `__exclude__` property is available to specify the model fields that should be excluded from the GraphQL API, but I'm wondering how you would go the other direction and only expose the fields that are explicitly specified in an `__include__` list.

The reason for this is that, with the current functionality, it would be easy for a developer to add a sensitive field to the data model and forget to exclude it from the graphql schema definition, thus exposing it to the API.


erikwrede commented 9 months ago

Sounds very useful! Maybe we can explicitly define the fields instead of doing include, such as in strawberry-django:

```python
@strawberry_sqlalchemy.type
class OnlyIncluded:
    fieldA: strawberry.auto
    fieldB: strawberry.auto
```

and have the following rule:

If at least one field of the type is annotated with `strawberry.auto`, only fields listed with `.auto` will be included.

Of course we can map this to an `__include__` internally, but this seems like a nice, readable and explicit case compared to a long list of excluded field names. Additionally, we can later expand it into `strawberry_sqlalchemy.field(auto)` to extend the functionality.

/cc @mattalbr
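The deny-list versus allow-list behaviour discussed in this thread, as an added example that is not part of the original issue or the project's code. It uses plain-Python stand-ins only: the `User` model, its column names and the three helper functions are hypothetical, and no strawberry or SQLAlchemy calls are made.

```python
from dataclasses import dataclass, fields


# Constructed stand-in for a SQLAlchemy model; the column names are made up.
@dataclass
class User:
    id: int
    name: str
    email: str
    password_hash: str  # sensitive column added after the exclude list was written


def column_names(model):
    return [f.name for f in fields(model)]


def exposed_with_exclude(model, exclude):
    """Deny-list semantics (like __exclude__): anything not listed is exposed."""
    denied = set(exclude)
    return [c for c in column_names(model) if c not in denied]


def exposed_with_include(model, include):
    """Allow-list semantics (the requested __include__): only listed columns are exposed."""
    cols = column_names(model)
    unknown = sorted(set(include) - set(cols))
    if unknown:
        # A typo in an allow-list should fail loudly, not silently drop a field.
        raise ValueError(f"unknown columns in include list: {unknown}")
    allowed = set(include)
    return [c for c in cols if c in allowed]


def unclassified(model, exposed, hidden):
    """Columns that were neither approved for the API nor explicitly hidden."""
    return sorted(set(column_names(model)) - set(exposed) - set(hidden))


if __name__ == "__main__":
    # The exclude list predates password_hash, so the new column leaks.
    print("deny-list :", exposed_with_exclude(User, ["email"]))
    # The allow-list ignores the new column until someone approves it.
    print("allow-list:", exposed_with_include(User, ["id", "name"]))
    # A review check that works with a deny-list: fail the build on this output.
    print("unreviewed:", unclassified(User, ["id", "name"], ["email"]))
```

A check like `unclassified` can run as a unit test against each mapped model, so a new column fails the build until it is placed in either the exposed or the hidden set.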