I m using `graphql yoga` Looking for insight on how to progr Prisma #prisma-whats-new

I'm using `graphql-yoga`. Looking for insight on h...

wallslide

02/14/2018, 11:02 AM

I'm using

graphql-yoga

. Looking for insight on how to programmatically control if a field gets returned or not:

Copy code

type Event {
 id: ID!
 adminOnlySecret: String
}

How do I write a resolver that returns/hides

adminOnlySecret

using

graphql-yoga

, depending on something like whether the person requesting the

Event

is an admin or not?

andre

02/14/2018, 11:04 AM

You could extend your

Event

resolver:

Copy code

const Event = {
  adminOnlySecret: async (parent, args, context, info) => {
    // Check if admin or not.
  }
};

andre

02/14/2018, 11:05 AM

I assume that you have the currently authenticated user in

context

. So your check would look something like:

Copy code

if (context.user.role !== “Admin”) {
    throw new Error(“Insufficient permissions.“)
}

andre

02/14/2018, 11:05 AM

An alternative approach would be to use: https://github.com/maticzav/graphql-shield

wallslide

02/14/2018, 11:06 AM

Where do I put the

ctx.db.query.event({}, info)

code if I extend my

Event

resolver?

andre

02/14/2018, 11:06 AM

No, you have to define it as an application resolver. Do you use Prisma?

wallslide

02/14/2018, 11:07 AM

I'm using prisma inside of graphql-yoga

andre

02/14/2018, 11:08 AM

Okay, cool. Do you have an

Event

resolver within your application?

wallslide

02/14/2018, 11:08 AM

Yes

andre

02/14/2018, 11:08 AM

Perfect. Then the approach above will work.

wallslide

02/14/2018, 11:09 AM

Copy code

async function event(parent, args, ctx, info) {
    const isAdmin = await checkAdmin(ctx)
    return ctx.db.query.event({}, info)
}

wallslide

02/14/2018, 11:09 AM

if I have something like that right now

wallslide

02/14/2018, 11:09 AM

and if they are admin, cool they can do whatever

wallslide

02/14/2018, 11:09 AM

but if they are not, then I need to hide that field

wallslide

02/14/2018, 11:09 AM

I'm still unclear how to change that resolver to do so

andre

02/14/2018, 11:10 AM

Very close 🙂 Look at this example:

andre

02/14/2018, 11:11 AM

Copy code

const Event = {
  adminOnlySecret: async (parent, args, context, info) => {
    // Check if admin or not.
  }
};

const resolvers = {
    Query, // Your query resolvers
    Mutation, // Your mutation resolvers
    Event
}

andre

02/14/2018, 11:12 AM

You create a “sub-resolver” on the

Event

and pass

Event

as an own resolver to your resolver map.

andre

02/14/2018, 11:12 AM

The function

adminOnlySecret

will be executed whenever somebody queries that field.

andre

02/14/2018, 11:13 AM

In general: You have a GraphQL schema and you map your resolvers functions to it.

wallslide

02/14/2018, 11:15 AM

I see... so then in

Copy code

const Event = {
  adminOnlySecret: async (parent, args, context, info) => {
    // Check if admin or not.
  }
};

I use prisma to query using

ctx.db.event({where: {id: 'someId'}}, '{adminOnlySecret}')

, and then either return that, or

""

depending on if they are an admin or not?

andre

02/14/2018, 11:15 AM

Exactly. 👍

wallslide

02/14/2018, 11:17 AM

and until now, I've been putting all of my query resolvers in the Query data structure. I still need to put

Copy code

function event(parent, args, ctx, info) {
    return ctx.db.query.event({}, info)
}

in there right?

andre

02/14/2018, 11:18 AM

No, this function is not necessary.

andre

02/14/2018, 11:18 AM

Ah, wait.

andre

02/14/2018, 11:18 AM

This is one resolver in the

Query

object?

wallslide

02/14/2018, 11:19 AM

yes, it returns an Event type

andre

02/14/2018, 11:19 AM

Ya, this is one resolver then for returning a particular event. Correct.

andre

02/14/2018, 11:20 AM

The actual sub-resolver has to be in the

Event

resolver though.

wallslide

02/14/2018, 11:20 AM

great, thanks a lot for your help!

andre

02/14/2018, 11:20 AM

You’re very welcome 🙂

2 Views

Open in Slack

Previous Next