Created September 19, 2018 20:17
GraphQL nested authorization
enum ROLES {
  USER
  USER_OWNER
}
type User {
  id: ID! # This field is public
  name: String @requires(role: USER) # This field is available to all registered users
  privateField: String @requires(role: USER_OWNER) # From here I can just compare the object id with the context user id
  nestedField: AnotherObject
}
type AnotherObject {
  publicField: String
  ownerPrivateField: String @requires(role: USER_OWNER) # From here I can't get the parent user id and so I don't know how to check the owner!
}
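
One way to handle the nested owner check raised in the last schema comment, as an added example that is not part of the original gist: the parent resolver stamps the child object with the owning user's id, and the USER_OWNER check reads that stamp and denies access when it is missing. The OWNER symbol, the requires/owned helpers and the sample data are assumptions made for illustration; plain JavaScript resolver functions stand in for a GraphQL server.

```javascript
const OWNER = Symbol('ownerId'); // hypothetical marker carrying the owning user's id

// Role check mirroring @requires(role: ...). Fails closed when the owner is unknown.
function hasRole(role, parent, ctx) {
  if (!ctx.user) return false;          // anonymous callers hold no role
  if (role === 'USER') return true;     // any registered user
  if (role === 'USER_OWNER') {
    const ownerId = parent[OWNER];
    return ownerId !== undefined && ownerId === ctx.user.id;
  }
  return false;                         // unknown role: deny
}

// Wrap a field resolver so it returns null unless the caller holds the role.
const requires = (role, resolve) => (parent, ctx) =>
  hasRole(role, parent, ctx) ? resolve(parent, ctx) : null;

// Copy a child and stamp it with its owner (non-enumerable, so never serialized).
const owned = (child, ownerId) =>
  child == null ? child : Object.defineProperty({ ...child }, OWNER, { value: ownerId });

const resolvers = {
  User: {
    id: (u) => u.id,
    name: requires('USER', (u) => u.name),
    privateField: requires('USER_OWNER', (u) => u.privateField),
    nestedField: (u) => owned(u.nestedField, u[OWNER]), // propagate owner downwards
  },
  AnotherObject: {
    publicField: (o) => o.publicField,
    ownerPrivateField: requires('USER_OWNER', (o) => o.ownerPrivateField),
  },
};

// Constructed sample data: one user record, stamped as its own owner at the root.
const loadUser = () => owned({ id: 'u1', name: 'Alice', privateField: 'p',
  nestedField: { publicField: 'pub', ownerPrivateField: 'secret' } }, 'u1');

// Resolve the whole User tree for a given request context.
function queryUser(ctx) {
  const u = loadUser();
  const out = {};
  for (const f of ['id', 'name', 'privateField']) out[f] = resolvers.User[f](u, ctx);
  const nested = resolvers.User.nestedField(u, ctx);
  out.nestedField = {};
  for (const f of ['publicField', 'ownerPrivateField'])
    out.nestedField[f] = resolvers.AnotherObject[f](nested, ctx);
  return out;
}
```

A nested object that reaches its resolver without the stamp (for example, loaded through a different query path) is treated as not owned, so the field resolves to null rather than leaking.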