-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop Exclude Fields support and use Fields #27
Drop Exclude Fields support and use Fields #27
Conversation
Codecov Report
@@ Coverage Diff @@
## master #27 +/- ##
=======================================
Coverage 97.23% 97.23%
=======================================
Files 12 12
Lines 615 615
=======================================
Hits 598 598
Misses 17 17 Continue to review full report at Codecov.
|
You are totally right! But I think we should drop completely the |
@PedroBern thanks for approving it! I can completely drop the |
I thank you for the PR! You know what you are doing, you can do all the necessary changes to make it work. I've just created the v0.4 branch, please make the PR for it. Also, would be great if you can update the documentation about the new changes :) |
…django-graphql-auth into refactor-fields-logic
Sure thing, @PedroBern! Changed the base branch and update the docs accordingly. |
Currently, the library only supports exclude fields, but this seems extremely dangerous because whenever a new field is added to the user model, we have to remember to exclude it in the settings, it is more than likely that we forget this and the field is exposed to public by accident.
To prevent this, with the current PR we will support
fields
on theMeta
class of theUserNode
, which is read from the new settingUSER_NODE_FIELDS
.The whitelist approach is much safer as using only exclude fields.