Am I getting this wrong...
or is the schema being filtered, and therefore recreated on every request?
Sorry, this repo is pretty unmaintained at this point. It is also incomplete. It can be, but I had also started allowing for caching of filtered schemas. This can potentially introduce problems if the policies change at runtime though, so that is one reason this part isn't really complete.
Another issue is, currently, it is very difficult to handle interfaces and unions. I was unable to come up with a method which could deal with these types. Both could lead to a single type needing to be restricted in different ways. In those cases, what takes priority, and what happens when a union/interface is filtered but the type is not, or vice versa? From what I recall, that was what I was actually stuck on while building this, honestly.
In retrospect, at this point, I am more in line with what people from Facebook have recommended: that the access control be closer to the actual data access. It also has its own set of challenges though. As far as filtering at the schema level of GraphQL, it doesn't actually seem necessary. Even if you don't hide the methods available, while it does possibly leak some implementation details, if access control is implemented below this, it largely shouldn't matter, as trying to access those fields/types should just return nothing anyway. This is not too different from having an endpoint that returns 404 to a user when they don't have access. The difference being, with GraphQL the user knows something can be handled there, and with an endpoint they aren't necessarily told that the endpoint might process something if they had access.
Realistically, if you would like to build on this more, I would recommend forking it, or you can use this work as a basis for doing this type of thing in your own project. If you run into any issues using this, while I would take PRs, it is unlikely I would fix them myself within a reasonable timeframe, as I don't have much time for working on this recently.
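The resolver-level approach described in the reply above, as an added example that is not code from this repo or its author: field policies are checked on every resolver call (so runtime policy changes need no schema cache invalidation) and denied fields resolve to null rather than being hidden from the schema. All names, the policy table and the sample record are constructed for illustration.

```javascript
// Added example (not from the repo): per-request field authorization applied
// at the resolver layer instead of by filtering the schema.
// Policies are consulted on every call, so changes at runtime take effect
// immediately. All names and data below are constructed for illustration.

// Which roles may read each Type.field; fields not listed are public.
// 'self' is satisfied when the parent record belongs to the caller.
const fieldPolicy = {
  'User.email': ['admin', 'self'],
  'User.ssn': ['admin'],
};

// True when the caller context (roles, userId) satisfies the field policy.
function isAllowed(typeName, fieldName, ctx, parent) {
  const roles = fieldPolicy[`${typeName}.${fieldName}`];
  if (!roles) return true;
  return roles.some((r) =>
    r === 'self' ? Boolean(parent) && parent.id === ctx.userId : ctx.roles.includes(r));
}

// Wraps a resolver so that an unauthorized field resolves to null, which is
// the "returns nothing" behaviour the reply compares to a 404.
function guard(typeName, fieldName, resolve) {
  return (parent, args, ctx) =>
    isAllowed(typeName, fieldName, ctx, parent) ? resolve(parent, args, ctx) : null;
}

// Constructed sample record and guarded resolvers for a hypothetical User type.
const users = {
  u1: { id: 'u1', name: 'Ada', email: 'ada@example.test', ssn: '000-00-0000' },
};
const userResolvers = {
  name: guard('User', 'name', (p) => p.name),
  email: guard('User', 'email', (p) => p.email),
  ssn: guard('User', 'ssn', (p) => p.ssn),
};

// Resolve the requested fields of one user for a given caller context.
// Unknown fields also resolve to null, so the result shape never leaks data.
function resolveUser(id, fields, ctx) {
  const parent = users[id];
  const out = {};
  for (const f of fields) {
    out[f] = userResolvers[f] ? userResolvers[f](parent, {}, ctx) : null;
  }
  return out;
}
```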
Thank you ;-) At this point I am trying to find an example to make it work. I found this: https://bitbucket.org/baldiviab/authed-graphql/commits/all
I'm trying to understand how the permissions are set.