I just got into using this tool so please bare with me if this is a stupid question. How do I add a field to a model but prevent people from querying it. Example is Passwords. I tried using permissions and I must be doing something wrong

There is no such thing as a stupid question 🙂 You can override the type in your application schema, basically.

But how do you then go about saving it to the model… do you have a code snippet?

You would define an own mutation in your application layer, like:

input RegisterInput {
    username: String!
    password: String!
}

type User {
  id: ID!
  username: String!
}

type Mutation {
  register(input: RegisterInput!): User!
}

In your actual

register

resolver function:

const register = (parent, args, context, info) => context.db.mutation.createUser({
        data: {...}
    }, info);

Here you persist the actual user object and return the result. Due to the fact that you've defined the

User

type in your application schema with less fields, the return value won't contain more fields. The result will be "sliced" accurately, so to speak 🙂 Hope that helps.

Oh ok… I for some reason thought that MySQL was looking for connected columns to fields but if it is this dynamic graphcool is more flexible than I had originally thought

Sorry had a typo in my snippet above .. fixed it.

does it still work with graphcool? The only thing I am finding is if I use Permissions I need to remove all

- operation: "*"