Open foxyblocks opened 9 months ago
Sounds very useful! Maybe we can explicitly define the fields instead of doing include, such as in strawberry-django
:
@strawberry_sqlalchemy.type
class OnlyIncluded:
fieldA: strawberry.auto
fieldB: strawberry.auto
and have the following rule:
If at least one field of the type is annotated with strawberry.auto, only fields listed with .auto will be included.
Of course we can map this to an __include__
internally, but this seems like a nice, readable and explicit case compared to a long list of excluded field names. Additionally, we can later expand it into strawberry_sqlalchemy.field(auto)
to extend the functionality.
/cc @mattalbr
Feature Request Type
Description
I see that the
__exclude__
property is available to specify the model fields that should be excluded from the graphql API but i'm wonder how you would go the other direction and only expose the fields that explicitly specified in an__include__
list.The reason for this is that, with the current functionality, it would be easy for a developer to add a sensitive field to the data model and forget to exclude it from the graphql schema definition, thus exposing it to the API.
Upvote & Fund