-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GraphQL policy merging with field permissions does not work #3166
Comments
On latest release-3-lts This fix does not work as expected. Policy A: Has restrictions for Email and Comment When we generate token and try to access Comments filed, gateway will return results e.g
Response
Policy A:
Policy B:
Token:
|
@ilijabojanovic Actually this is the expected behavior when we look at the description. The idea is to merge allowed fields. If you want to restrict a field, you should unselect for both policy A and B. |
Branch/Environment/Version
Describe the bug
If you have a policy that allows you to read type "A", and a second policy that allows you to read field "B", and you try to create a token that has both policies, all fields will be restricted.
Expected behavior
It should properly merge policies together on the field level.
The text was updated successfully, but these errors were encountered: