You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A bit of context, shield is meant to be a wrapper for resolvers. Currently, the two parameters it accepts are permissions and resolvers - I think that adding typeDefs as another argument makes everything unnecessarily more complex.
The problem is that since people often only define types in typeDefs but do not resolve them in resolvers (graphql manages this for them automatically behind the scenes). When generating resolvers from permissions, I cannot tell which resolvers might exist in the end since I can obtain only the keys in defined resolvers and permissions.
Let’s say, for example, that we have such schema and permissions…
const_permissions={Query: ()=>true,Type: {property: ()=>true,properties: ()=>true// hiddenProperty should by default be blacklisted}}
Now we have two options for resolving Type; first, resolving it only in Query and second, resolving it under Type. Taking the first approach the exact scenario occurs, since neither resolvers nor permissions define hiddenProperty key, shield cannot make a tree this deep and hiddenProperty query is always resolved.
Replacing/adding resolvers parameter with typeDefs would probably fix the problem since we could extract all the resolvers from schema, but I am not sure whether this is the best approach...
A bit of context,
shield
is meant to be a wrapper for resolvers. Currently, the two parameters it accepts arepermissions
andresolvers
- I think that addingtypeDefs
as another argument makes everything unnecessarily more complex.The problem is that since people often only define types in
typeDefs
but do not resolve them in resolvers (graphql
manages this for them automatically behind the scenes). When generating resolvers frompermissions
, I cannot tell which resolvers might exist in the end since I can obtain only the keys in definedresolvers
andpermissions
.Let’s say, for example, that we have such schema and permissions…
Now we have two options for resolving
Type
; first, resolving it only in Query and second, resolving it underType
. Taking the first approach the exact scenario occurs, since neitherresolvers
norpermissions
definehiddenProperty
key,shield
cannot make a tree this deep andhiddenProperty
query is always resolved.On the other hand, the following works as expected.
The text was updated successfully, but these errors were encountered: