mercurius-js / auth

Mercurius Auth Plugin

feature: filtered schema

Eomm opened this issue · comments

Right now, setting the directive schema as follows, it returns the information to all the clients:

directive @auth(
  requires: Role = ADMIN,
) on OBJECT | FIELD_DEFINITION

enum Role {
  ADMIN
  REVIEWER
  USER
  UNKNOWN
}

type Query {
  add(x: Int, y: Int): Int @auth(requires: ADMIN) 
}

Then running the query:

{
  __schema {
    queryType {
      fields {
        name
      }
    }
  }
}

Returns the meta-fields

{
  "data": {
    "__schema": {
      "queryType": {
        "fields": [
          {
            "name": "add"
          }
        ]
      }
    }
  }
}

Hasura applies a different technique: it returns only the schema that applies its rules.

So, applying this logic to the @auth directive, we could filter the returned GraphQL schema.
The user's client will see only those queries and fields it should see.

This requires that the user adds to the client additional information (such as an auth token) to get access to all the GraphQL Schema and documentation.

Great idea, this could be really useful - would you be interested in drafting a PR for this?

Yeah, working on it
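
The filtering proposed in the issue, sketched as an added example (this is not mercurius-auth code and not from the thread): it prunes an introspection response of the shape `__schema { types { name fields { name type } } }` according to the caller's roles. The policy map, the helper names, the exact-match role check and every schema entry other than `Query.add` are assumptions made for illustration.

```javascript
// Added example, not mercurius-auth code. Policy keys are "Type" (directive on
// OBJECT) or "Type.field" (on FIELD_DEFINITION); only Query.add is from the issue.
const AUTH_POLICY = new Map([['Query.add', 'ADMIN'], ['AuditLog', 'ADMIN']]);

const allowed = (key, roles, policy) =>
  !policy.has(key) || roles.includes(policy.get(key));

// Unwrap NON_NULL / LIST wrappers to reach the named type of a field.
function namedType(ref) {
  while (ref && ref.ofType) ref = ref.ofType;
  return ref ? ref.name : null;
}

function filterIntrospection(result, roles, policy = AUTH_POLICY) {
  const schema = result.data.__schema;
  // Types hidden by a type-level @auth. Fields returning them are removed too,
  // otherwise the dangling reference would still reveal the type name.
  const hidden = new Set(schema.types
    .filter((t) => !allowed(t.name, roles, policy)).map((t) => t.name));
  const types = schema.types
    .filter((t) => !hidden.has(t.name))
    .map((t) => {
      if (!Array.isArray(t.fields)) return t; // enums, scalars, ...
      const fields = t.fields.filter((f) =>
        allowed(`${t.name}.${f.name}`, roles, policy) &&
        !hidden.has(namedType(f.type)));
      return { ...t, fields };
    });
  // Return a copy so the input result is never mutated.
  return { ...result, data: { ...result.data, __schema: { ...schema, types } } };
}

// Constructed introspection response: the issue's Query.add plus hypothetical
// Query.audit, Query.version and an AuditLog type.
const scalar = (name) => ({ kind: 'SCALAR', name, ofType: null });
const SAMPLE = { data: { __schema: { types: [
  { kind: 'OBJECT', name: 'Query', fields: [
    { name: 'add', type: scalar('Int') },
    { name: 'audit', type: { kind: 'NON_NULL', name: null,
      ofType: { kind: 'OBJECT', name: 'AuditLog', ofType: null } } },
    { name: 'version', type: scalar('String') }] },
  { kind: 'OBJECT', name: 'AuditLog', fields: [{ name: 'entry', type: scalar('String') }] },
  { kind: 'ENUM', name: 'Role', fields: null }] } } };

const visibleFields = (roles) => filterIntrospection(SAMPLE, roles)
  .data.__schema.types.find((t) => t.name === 'Query').fields.map((f) => f.name);
console.log(visibleFields(['USER']), visibleFields(['ADMIN']));
```

Pruning the introspection result only changes what a client can discover; the @auth check on the resolvers themselves still has to reject a caller who guesses a hidden field name.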