-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passing down a context from a node to its descendents for checking permissions. #375
Comments
For referece of how React's context works. https://facebook.github.io/react/docs/context.html |
#301 has a discussion of this and why we didn't add the ability. In particular, having different contexts in the same query causes major issues for client caches, which can now see conflicting values for the same object and field. However, https://github.com/graphql/graphql-js/blob/master/src/graphql.js#L43 allows the caller to pass down a context for the entire query. This context is most commonly used to contain authentication information. So the resolver for Hope this helps! |
What if the query looks like this?
In this case |
@dschafer, in case you don't get notified. |
If the ability to see the address depends on whose address it is, I would expect the object returned by address: { Though better than that would be to have that logic live inside the email business object: class Email { address: { This way, every caller of Email.getAddress() has the desired visibility rules applied. |
Thank you for your answer! |
Say that I have a user object.
Here's how it looks.
When User A tries to access User B's
info.email.address
, A'sID
must be present in the B'sfriends
field.When resolving
address
field ofemail
object, it currently has no way to access thefriends
field of its owner user B (unless I am missing something).I wish there is a way to add some context value to pass down to its subtree nodes and their fields so they can use it when resolving.
For example,
user
object type wants to add itself as a context value for its descendent node fields, and the fields resolvers can access it ascontext.user
.This is very similar to how
context
works inReact
viachildContextTypes
andgetChildContext
.The text was updated successfully, but these errors were encountered: