Folks - is there a convention (I guess through gra...
# orm-helpr
rem
04/10/2019, 11:53 AMFolks - is there a convention (I guess through graph yoga resolvers) whereby I can ensure a model is only accessible with X permission? ie. a Note record can only be queried (and importantly via nested queries) if the user owns the note?
n
nuno
04/10/2019, 1:58 PMpeople usually recommend https://github.com/maticzav/graphql-shield
nuno
04/10/2019, 1:59 PMor you could try graphql directives: https://www.apollographql.com/docs/graphql-tools/schema-directives#enforcing-access-permissions
r
rem
04/11/2019, 5:10 PMgraph-shield doesn't give me model level security. It does at query, mutations and type props, but no, as far as I could understand, at the type level
rem
04/12/2019, 11:49 AMI got this working in the end - the example on the graphql-shield had some errors in it which threw me off originally. I can set security at the model level.
👍 1
n
nuno
04/12/2019, 3:58 PMmaybe submit a PR to fix their example 😄