GraphQL ACL
Specify allowed fields for roles. Create big scheme with all fields and allow only some fields to roles.
Installation:
Using npm:
$ npm i --save graphql-acl
Example:
ACL:
Configure object representing allowed fields.
const acl = user: true articles: title: true author: name: true
Scheme:
{ user: { name: String, surname: String, email: String }, articles: { id: Number, title: String, perex: String, content: String, views: Number, author: { name: String, surname: String } }}
Result:
Generated schema contains only allowed fields.
{ user: { name: String, surname: String, email: String }, articles: { title: String, author: { name: String } }}
Implementation:
createGraphQLObjectType(props, fields) => function (acl)
Return function which expect acl as param and generate GraphQLObjectType.
props
- {Object} - GraphQLObjectType properties
fields
- {Object} - expect GQL object or function which returns GQL object
index.js
const GraphQLSchema = const ROLES ACL = const createRoot = const userSchema = description: 'User graphQL' query: const adminSchema = description: 'Admin graphQL' query:
root.js
const GraphQLString = const createGraphQLObjectType = const createUser = const user = description: 'User object' type: const version = description: 'Version' type: GraphQLString const createRoot = moduleexports = createRoot
user.js
const GraphQLString = const createGraphQLObjectType = const name = description: 'Name' type: GraphQLString const surname = description: 'Surname' type: GraphQLString const createUser = moduleexports = createUser
acl.js
const ROLES = USER: 'USER' ADMIN: 'ADMIN' const userAcl = user: name: true const ACL = ROLESUSER: userAcl ROLESADMIN: true // Allow everything moduleexports = ROLES ACL