GraphQL Auth on predicates

amaster507 · December 28, 2021, 4:40pm

work arounds to situations like this do indeed create additional problems that need even more workarounds.

type User @auth(
  update: { OR: [
    # Rule to let users update the user if the Administration status is == 0
    { rule: """
      query ($USERNAME: String!) {
        queryUser(filter: { username: { eq: $USERNAME } }) {
          adminFields(filter: { status: { eq: 0 } }) {
            status
          }
        }
      }
      """ },
    # Rule to let admin role update all users
    { rule: "{$ROLE: {eq:\"Admin\"}}" }
  ] }
) {
    username: String! @id
    nickname: String
    adminFields: Administration!
}
type Administration {
    status: Int! @search
}

Note this is not the most efficient method and it would be better if we could do:

Topic		Replies	Views
The `@auth` directive - Graphql Documentation	13	2389	December 12, 2020
Mutations - Graphql Documentation	1	1038	December 10, 2021
Restrict visibility of graphql mutation and queries GraphQL	4	857	July 30, 2020
The Need for Update auth after logic GraphQL kind:feature	8	1600	January 26, 2022
How to reference the authenticated user with the entity that is going to be created GraphQL graphql , auth	8	1264	November 4, 2020

GraphQL Auth on predicates

Related Topics