Replies: 1 comment
-
|
@BenHall-1 while not the desired solution, you might find some success in making your type Test {
+ name: String @hasColumnAccess(column: "name")
- name: String! @hasColumnAccess(column: "name")
}This means that if your directive errors due to insufficient permissions then you can still return a partial result (all the other fields). If a field is non-null and has an error then the null will propagate upwards until the first nullable field is found [spec]. You might find that—as your schema grows—partial success is much more user friendly than failing altogether. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We have a report where we need to limit one column to people with certain permissions.
schema.graphqls
routing.go
However this directive only gets run after the logic for the entire query has taken place, not before. We need it to be able to stop the query and throw an error if they do not have access to that field, as otherwise it will be running heavy queries when it is going to return an error anyway for the report
query:
{ test() { name } }response:
{ "errors": [ { "message": "Access Denied to Column 'name'", "path": [ "test", 2, "name" ], }, { "message": "Access Denied to Column 'name'", "path": [ "test", 0, "name" ], }, { "message": "Access Denied to Column 'name'", "path": [ "test", 4, "name" ], }, { "message": "Access Denied to Column 'name'", "path": [ "test", 1, "name" ], }, { "message": "Access Denied to Column 'name'", "path": [ "test", 3, "name" ] } ], "data": null }Beta Was this translation helpful? Give feedback.
All reactions