feature: filtered schema
Eomm opened this issue · comments
Manuel Spigolon commented
Right now, setting the directive schema as following, it returns the information to all the clients:
directive @auth(
requires: Role = ADMIN,
) on OBJECT | FIELD_DEFINITION
enum Role {
ADMIN
REVIEWER
USER
UNKNOWN
}
type Query {
add(x: Int, y: Int): Int @auth(requires: ADMIN)
}
Then running the query:
{
__schema {
queryType {
fields {
name
}
}
}
}
Returns the meta-fields
{
"data": {
"__schema": {
"queryType": {
"fields": [
{
"name": "add"
}
]
}
}
}
}
Hasura applies a different technique: it returns only the schema that applies its rules.
So, using this logic to the @auth
directive, we could filter the returned GraphQL schema.
The user's client will see only those query
and field
it should see.
This requires that the user adds to the client additional information (such as an auth token) to get access to all the GraphQL Schema and documentation.
Jonny Green commented
Great idea, this could be really useful - would you be interested in drafting a PR for this?
Manuel Spigolon commented
Yeah, working on it