Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow specifying rules for both types and fields
See original GitHub issueFeature request
Is your feature request related to a problem? Please describe
As far as I’m aware, right now you can specify shield rules for either a type or a selection of subfields on that type, but not both. So if I wanted to restrict access to users that have been archieved, I can do that no problem, if I want to restrict access so only the current user can see their respective address, no problem either, but I’m not aware of a way to combine the two.
Describe the solution you’d like
Implementing this might be really hard to implement without breaking anything. Ideally you’d have the option to introduce an special field into your type permissions that handles the type permissions, as that would hopefully be the least invasive.
So somethina long the lines of:
shield({
User: {
_canViewModel: rules.notArchieved,
address: rules.isCurrentUser
})
Describe alternatives you’ve considered
Other solutions would include changing the internal shieldRules schema to diffrentiate between subfields and the parent type, or having a diffrent naming convention for the two, along the lines of User: {...}, Usertype: rule, but both of those wouldd probably break to much existing code.
Additional context
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:6
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hey @luhagel 👋 ,
Thank you for opening the issue. I had a similar idea a long time ago that would allow us to use
and,or, and other logical patterns on dictionaries as well as rules. In the case of dictionaries, we would simply merge the rules at the lower level.For example,
would translate to
Is that what you had in mind?
It’s one of the last things that I think are truly missing from the library alongside
racerule (https://github.com/maticzav/graphql-shield/issues/645).I am sad to say this, but since this library lost its funding, I am not sure when I’ll find time to implement these features.
Not exactly. I mean it depends on your schema, not your permissions.
If one of your fields (let’s say
email) were required inUserand the email-resolver returnednull, you’d getIf
emailwere an optional field, however, you’d get