Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorization on a field in graphql-ruby

From this guide I don't understand how we can add authorization on a field in graphql-ruby.

I understand how we can deny access to an entire object but I don't see how we can prevent access to just a field of an object. In my usecase, I want to prevent some queries to access a String field in my UserType.

Is it possible? With the field helper?

like image 521
Such Avatar asked Mar 09 '19 08:03

Such


2 Answers

You could use scoping in the GraphQL-ruby or use gem graphql-guard.

For scoping to work, you should be either using Pundit scope or CanCan accessible_by.

FYI, I haven't used it yet anywhere but seems like both could solve your problem to me.

like image 61
Abhay Nikam Avatar answered Sep 28 '22 01:09

Abhay Nikam


I used gem graphql-guard.

GUARD = lambda do |obj, args, ctx|
  ...some logics...
end

field :some_field, String, null: false, guard: GUARD

And when I wanted to use only some of the arguments like lambda do |_, args, _|

like image 37
Colin Lee Avatar answered Sep 28 '22 03:09

Colin Lee