Overriding attribute in input type

Hi, we want to restrict from specific users some fields from being provided on a specific input type.
A good solution for it can be using directives:

input SomeInputType {
allowedField: String
restrictedField: String @restrict(from: visitor)
}

We want that every time that a visitor provides “SomeInputType” the restricted properties (“restrictedField”) will be provided to the server as null, i.e its value will be overriden.

Is it feasible? Using directive is a good approach here?

Very interesting! The only way I can think to do this is to add code your resolvers that inspects the arguments:

// any resolver
async (source, args, ctx, info) => {
  const inputObjectArgs = info.parentType
    .getFields()
    [info.fieldName].args.filter((arg) => isInputObjectType(arg.type));

  for (const input of inputObjectArgs) {
    const { restrict } = getDirectives(info.schema, input);
    if (restrict.from === "visitor") {
      throw new AuthenticationError("restricted access");
    }
  }

There are some utilities in graphql-tools that would allow you to augment all resolvers with this logic, but that strikes me as wasteful. Hopefully this helps!

2 Likes