-
-
Notifications
You must be signed in to change notification settings - Fork 510
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add schema visibility fillters #361
Comments
I'll mark this as blocked as I'm doing a rewrite on the internals :) Should be easier to implement this after that 🤞 |
@Ambro17 I'm wondering if we should go with something similar to our permission: import strawberry
class IsPaidAPIUser(BaseVisiblity):
message = "User is not authenticated"
def has_permission(self, source, info):
return False
@strawberry.type
class User:
name: str
age: int
@strawberry.type
class Query:
@strawberry.field(visibility_classes=[IsPaidAPIUser])
def user(self, info) -> User:
return User(name="Patrick", age=100)
schema = strawberry.Schema(query=Query) not really sure about the names to be honest |
Didn't know about strawberry's permissions support! |
Yeah, visibility filters would be to hide the fields based on the clients that are requesting the schema. Permissions don't do anything around that, they only check if you can access a field or not ;) |
Oh i see, they are not read on schema build time then. I guess we would have to offer a similar api then to avoid including them on the schema |
Yes, but I think everything will happen during the request, as that's the only time when you have access to information about the clients (headers, etc). Not sure yet how this could be implemented, as I need to check the internals of GraphQL-core, but I think it might be a nice feature :) |
I think we are considering two different use cases of schema visibility.
I think both use cases would benefit from visibility filters, but i find the second case much harder to implement, at least from what i know now. Because one would not only have to delete the type, but also all references to the type across the graph. Perhaps that's trivial on simple cases, but on deeply nested graphs or with a core entity, that may find rough edge cases. |
Uhm good point on deleting the types, I was only thinking about hiding the fields at the moment. Will think about this too |
I think this issue is a nice read graphql/graphql-js#113 to have a mental model of the problem and the tradeoff of each approach. On the other hand, i'm thinking perhaps this transformation is better suited as an external lib than inside strawberry as it would need to be tightly coupled with |
I don't think there's an easy for this, I'll need to try and see if I can come up with something clever for it.
Yeah, this makes sense. I guess if you only have two variants it might be ok (internal and external). Maybe I'll try to find someone that has done this in the past and see how they're doing 😊 |
I have a new idea that i will test tomorrow to see if we can hide them dynamically |
Ruby has its way of hiding fields
https://graphql-ruby.org/authorization/visibility.html
Java has its way too
https://www.graphql-java.com/documentation/v12/fieldvisibility/
Javascript too
https://www.apollographql.com/docs/apollo-server/features/schema-transforms/
The main goal of this is to hide experimental or in progress types from clients, but to allow to include them for testing or staging for example
There seems to be two valid approaches for visibility filters.
Upvote & Fund
The text was updated successfully, but these errors were encountered: