neo4j-graphql-js icon indicating copy to clipboard operation
neo4j-graphql-js copied to clipboard

Published 20 hours ago verified publisher icon neo4j-graphql

Scenario: same mutation authorizations for different types implementing a same interface

Open emregency opened this issue 6 years ago • 2 comments

Hi all,

I am in a situation where anybody can create or update content but only someone with an admin role can delete it. And this is true for more than one type in my typeDefs.

So each time I introduce a new type implementing the interface, I need to create a custom delete mutation with @hasRole(roles:[admin]) directive.

Maybe there can be a way to handle this automatically with a little bit of support from you guys?

Thanks,

emregency avatar Mar 04 '19 10:03 emregency

A possible solution would be to use the hasScope directives instead of hasRole since these are more fine-grained and map to the CRUD operations: https://grandstack.io/docs/neo4j-graphql-js-middleware-authorization.html#hasscope

johnymontana avatar May 24 '19 00:05 johnymontana

https://github.com/neo4j-graphql/neo4j-graphql-js/issues/608

michaeldgraham avatar May 02 '21 04:05 michaeldgraham