Non-Polite Mother

    @envelop/operation-field-permissions
    TypeScript icon, indicating that this package has built-in type declarations

    4.0.4 • Public • Published

    @envelop/operation-field-permissions

    Disallow executing operations that select certain fields. Useful if you want to restrict the scope of certain public API users to a subset of the public GraphQL schema, without triggering execution (e.g. how graphql-shield works).

    Note: This plugin and authorization on a resolver level (or via middleware) are complementary. You should still verify whether a viewer is allowed to access certain data within your resolvers.

    Installation

    yarn add @envelop/operation-field-permissions

    Usage Example

    import { parse, validate, specifiedRules, execute, subscribe } from 'graphql'
    import { envelop, useSchema, useEngine } from '@envelop/core'
    import { useOperationFieldPermissions } from '@envelop/operation-field-permissions'
    
    const getEnveloped = envelop({
      plugins: [
        useEngine({ parse, validate, specifiedRules, execute, subscribe }),
        useSchema(schema),
        useOperationFieldPermissions({
          // we can access graphql context here
          getPermissions: async context => new Set(['Query.greetings', ...context.viewer.permissions])
        })
        /* ... other envelops */
      ]
    })

    Schema

    type Query {
      greetings: [String!]!
      foo: String
    }

    Operation

    query {
      foo
    }

    Response

    {
      "data": null,
      "errors": [
        {
          "message": "Insufficient permissions for selecting 'Query.foo'.",
          "locations": [
            {
              "line": 2,
              "column": 2
            }
          ]
        }
      ]
    }

    Keywords

    none

    Install

    npm i @envelop/operation-field-permissions

    DownloadsWeekly Downloads

    996

    Version

    4.0.4

    License

    MIT

    Unpacked Size

    14.2 kB

    Total Files

    7

    Last publish

    Collaborators

    • dotansimha