authorization icon indicating copy to clipboard operation
authorization copied to clipboard

Published 20 hours ago verified publisher icon graphql-dotnet

Cannot use @include or @skip to strip unauthorized fields from a query

Open chris-nissen opened this issue 5 years ago • 2 comments

Should AuthorizeWith report an error if a field the user isn't authorized for is excluded from the query via the @include or @skip directives? (It currently does.)

chris-nissen avatar Nov 19 '18 20:11 chris-nissen

Indeed it should not report an error. Up for doing a PR for it?

joemcbride avatar Nov 19 '18 20:11 joemcbride

Bad phrasing on my part. I mean that it should not report an error when the unauthorized field is skipped (or not included), but I think we're on the same page.

I'd like to do a PR, but I haven't done one for a public project before. I'll try to work it out!

chris-nissen avatar Nov 19 '18 20:11 chris-nissen