Nick Luger
02/22/2018, 6:36 PMschema.graphql
-setups are leaking data through cyclic references. These can become complex to manage (me
➡️ bookings
➡️ places
➡️ bookings
(of other user) ) https://github.com/graphcool/graphql-server-example/issues/109 Is there a best practice on that?max
02/22/2018, 6:48 PMplaces
to remove references to bookings
. The only way to access bookings would be through me
or directly on bookings
Nick Luger
02/22/2018, 6:51 PMNick Luger
02/22/2018, 6:52 PMNick Luger
02/22/2018, 6:55 PMposts
and the author
of a post, i would need to define the same model twice.max
02/22/2018, 6:56 PMNick Luger
02/22/2018, 6:57 PMmax
02/22/2018, 7:01 PMNick Luger
02/22/2018, 7:03 PMmax
02/22/2018, 7:08 PMposts
and the author
question. you could have a public definition of author
which people can query. Then the author can edit and view their info on me
.max
02/22/2018, 7:08 PMwallslide
02/22/2018, 11:13 PMmax
02/23/2018, 10:52 AMwallslide
02/23/2018, 11:22 AMme
➡️ bookings
or me
➡️ bookings
➡️ places
➡️ bookings
, if there is business logic that checks on a per-booking level is this user authorized to view this booking
, then there will be no data leakmax
02/23/2018, 2:35 PMplace
and the bookings
on that node. you can check if they have access to those bookings.max
02/23/2018, 2:37 PMplace
in the public facing graphql api to stop users from accessing bookings
on the place
nodeNick Luger
02/23/2018, 3:54 PMme
than on a specific booking
, as you normally specify sub-resolvers for a single booking (like id
, bookee
etc.) , and you want to avoid to run an authorization task on every resolution of one of these sub-fields.Especially if you get a lot of bookings
. A nice helper i found today is https://github.com/maticzav/graphql-shield