graphql-compose-elasticsearch icon indicating copy to clipboard operation
graphql-compose-elasticsearch copied to clipboard

Published 20 hours ago verified publisher icon graphql-compose

Authorization issue

Open TonyWoo opened this issue 7 years ago • 2 comments

Hi, Thank you for providing so great library. We just have a question, we want to limit the data to user. For example, the regular user can only see the data created by them self. But the administrator can see all of the data. How and where to add this authorization logic into this GraphQL server? Thanks in advance.

Here is a link about authorization from the graphql for your reference. http://graphql.org/learn/authorization/

TonyWoo avatar Sep 19 '17 13:09 TonyWoo

If you use search resolver it can be done in such way:

const newExtendedSearchResolver = UserTC.getResolver('search').wrapResolve(next => async (rp) => {
  const { source, args, context, info } = rp;
  // check here args or contexts, or even you can change `rp.args` before passing it down to `search` resolver
  const result = await next(rp); 
  // check and change result here before returning it to user
  return result;
});

A little bit more info

  • https://github.com/nodkz/graphql-compose/issues/38
  • https://github.com/nodkz/graphql-compose/tree/master/docs/06-advanced

nodkz avatar Sep 21 '17 15:09 nodkz

hi, is there a way we can do this with the elasticApiFieldConfig. i don't see a getResolver function.

neerajd12 avatar Nov 23 '20 12:11 neerajd12