Hi, we want to restrict from specific users some fields from being provided on a specific input type.
A good solution for it can be using directives:
input SomeInputType {
allowedField: String
restrictedField: String @restrict(from: visitor)
}
We want that every time that a visitor provides “SomeInputType” the restricted properties (“restrictedField”) will be provided to the server as null, i.e its value will be overriden.
Is it feasible? Using directive is a good approach here?
Very interesting! The only way I can think to do this is to add code your resolvers that inspects the arguments:
// any resolver
async (source, args, ctx, info) => {
const inputObjectArgs = info.parentType
.getFields()
[info.fieldName].args.filter((arg) => isInputObjectType(arg.type));
for (const input of inputObjectArgs) {
const { restrict } = getDirectives(info.schema, input);
if (restrict.from === "visitor") {
throw new AuthenticationError("restricted access");
}
}
There are some utilities in graphql-tools that would allow you to augment all resolvers with this logic, but that strikes me as wasteful. Hopefully this helps!
2 Likes