@guidolodetti
Created September 19, 2018 20:17
GraphQL nested authorization
enum ROLES {
  USER
  USER_OWNER
}

type User {
  id: ID! # This field is public
  name: String @requires(role: USER) # This field is available to all registered users
  privateField: String @requires(role: USER_OWNER) # From here I can just compare the object id with the context user id
  nestedField: AnotherObject
}

type AnotherObject {
  publicField: String
  ownerPrivateField: String @requires(role: USER_OWNER) # From here I can't get the parent user id and so I don't know how to check the owner!
}
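
One way to make the owner check work on `AnotherObject`, as an added example that is not part of the original gist: the `nestedField` resolver stamps the owning user's id onto the child object, and the owner check reads that stamp. The `OWNER` symbol, `requiresOwner`, `resolveFields` (a stand-in for a GraphQL executor that only mimics the `(parent, args, context)` resolver call) and the sample data are assumptions constructed for illustration.

```javascript
// Added example. OWNER is a hypothetical Symbol key: it never appears in
// query results because GraphQL only resolves fields declared in the schema.
const OWNER = Symbol('ownerId');

// Stand-in for @requires(role: USER_OWNER): fail closed when the owner stamp
// is missing or the viewer is anonymous or someone else.
const requiresOwner = (resolve) => (parent, args, context) => {
  const ownerId = parent[OWNER];
  if (!context.user || ownerId === undefined || context.user.id !== ownerId) {
    return null;
  }
  return resolve(parent, args, context);
};

const resolvers = {
  User: {
    id: (u) => u.id,
    // Stamp the owning user's id on the child before its resolvers run.
    nestedField: (u) => (u.nestedField ? { ...u.nestedField, [OWNER]: u.id } : null),
  },
  AnotherObject: {
    publicField: (o) => o.publicField,
    ownerPrivateField: requiresOwner((o) => o.ownerPrivateField),
  },
};

// Minimal stand-in for a GraphQL executor: resolver(parent, args, context).
function resolveFields(typeName, parent, selection, context) {
  const out = {};
  for (const [field, sub] of Object.entries(selection)) {
    const value = resolvers[typeName][field](parent, {}, context);
    out[field] = sub === true || value === null
      ? value
      : resolveFields(sub.type, value, sub.fields, context);
  }
  return out;
}

// Constructed sample data and selection (id, nestedField { publicField ownerPrivateField }).
const alice = { id: 'u1', nestedField: { publicField: 'pub', ownerPrivateField: 'secret' } };
const selection = {
  id: true,
  nestedField: { type: 'AnotherObject', fields: { publicField: true, ownerPrivateField: true } },
};
const queryAs = (viewer) => resolveFields('User', alice, selection, { user: viewer });

console.log(queryAs({ id: 'u1' }), queryAs({ id: 'u2' }), queryAs(null));
```

Every resolver that can return an `AnotherObject` has to apply the stamp; a path that forgets it yields `null` for `ownerPrivateField` rather than leaking the value.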