Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds @inaccessible directive #59

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 79 additions & 0 deletions spec/Section 2 -- Source Schema.md
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,85 @@ resolve entities and which source schemas merely contribute data to entities.
Further, using `@internal` allows hiding "technical" lookup fields that are not
meant for the client-facing composite schema.

### @inaccessible

```graphql
directive @inaccessible on OBJECT | FIELD_DEFINITION
```

The `@inaccessible` directive is used to prevent specific objects or fields from
being accessible through the composite schema, even if they are accessible in
the underlying source schemas.

This directive is particularly useful for restricting access to fields or
objects that are either irrelevant to the client-facing API or sensitive in
nature, such as internal identifiers or fields intended only for backend use.

```graphql example
type Product @key(fields: "id") @key(fields: "sku") {
id: ID!
sku: String! @inaccessible
internalNote: String
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The prefix internal makes it sound as if this field might be a candidate for the @internal or @inaccessible directive, but that is not applied here. Perhaps this field should just be named note or something else like title or description? (and below)

}

type Query {
productById(id: ID!): Product
productBySku(sku: String!): Product @inaccessible
}
```

The above example declares the key field `sku` to be inaccessible from
the composite schema. However, type system members marked as inaccessible can
still be used within the composite execution schema to fulfil requirements or
lookups.

In contrast to the `@internal` directive the `@inaccessible` directive hides a
type member from the composite schema even if other source schemas on the same type
system member have no `@inaccessible` directive.

```graphql example
# Source Schema A
type Product @key(fields: "id") @key(fields: "sku") {
id: ID!
sku: String! @inaccessible
internalNote: String
}

# Source Schema B
type Product @key(fields: "sku") {
sku: String!
price: Float!
}

# Composite Schema
type Product {
id: ID!
internalNote: String
price: Float!
}
```

The example below removes the field `internalProductById` and the type `Product`
from the the composite schema. However, type system members marked as
inaccessible can still be used within the composite execution schema to fulfil
requirements.

Unlike @internal, which restricts lookup fields to backend use, @inaccessible
completely excludes the marked elements from the composite schema.

```graphql example
type Product @inaccessible {
id: ID!
sku: String!
internalNote: String
}

type Query {
publicProductById(id: ID!): Product
internalProductById(id: ID!): Product @inaccessible
}
```

### @is

```graphql
Expand Down
Loading