authorization
authorization copied to clipboard
Cannot use @include or @skip to strip unauthorized fields from a query
Should AuthorizeWith
report an error if a field the user isn't authorized for is excluded from the query via the @include
or @skip
directives? (It currently does.)
Indeed it should not report an error. Up for doing a PR for it?
Bad phrasing on my part. I mean that it should not report an error when the unauthorized field is skipped (or not included), but I think we're on the same page.
I'd like to do a PR, but I haven't done one for a public project before. I'll try to work it out!