Authorization depending on property value of returned object about authorization HOT 5 CLOSED

No, you’re not missing anything. These authorization checks utilize the existing GraphQL validation, which runs before the query is executed. If you need to access a value that is first resolved/fetched in a field, then you will have to do that manually yourself.

from authorization.

Hi @micmartin @joemcbride, please allow me to do a shameless plugin here. Having worked with a pretty sophisticated privacy system at work, I wanted to achieve something similar using this library. But I discovered it couldn't be done so I quickly spawned my own take on GraphQL authorization - https://github.com/hanlindev/graphql-privacy .

@micmartin what you described is one of the first use cases I wanted to handle so I think my library should be able to solve your problem. However it was just created a couple of weeks ago. The implementation is a bit hacky and there can be many bugs laying around. Anyways you could still look at my code and create your own version if you desire.

from authorization.

@micmartin Is this issue still actual?

from authorization.

I soved that problem by doing an authorization check on the "main" entites while retrieving them. No a nice and general solution but it works for my needs.
@hanlindev sorry for not responding to your comment, must have missed the notification

from authorization.

As @joemcbride said

These authorization checks utilize the existing GraphQL validation, which runs before the query is executed. If you need to access a value that is first resolved/fetched in a field, then you will have to do that manually yourself.

Closing this issue as wontfix.

from authorization.