smallrye-graphql
Nested `@RolesAllowed`
We already can control access to queries and resolvers simply with standard @RolesAllowed et al. annotations. As discussed in #860, there are situations where the fields of some POJO need access control; i.e. a User class having fields for the name, etc., and a lastLoginTimestamp, which only a user in the admin role is allowed to read and a system allowed to write. The @RolesAllowed annotation would have to be placed on the getter or setter respectively (its target is limited to TYPE and METHOD).
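The annotation placement described in the issue, as an added sketch that is not smallrye-graphql code or its implementation. The `RolesAllowed` annotation here is a local stand-in for the standard one, and `invokeChecked` is a hypothetical helper showing the per-accessor check a framework would have to perform, denying the call when the caller holds none of the listed roles.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class NestedRolesAllowedDemo {
    // Local stand-in for the standard @RolesAllowed (same targets: TYPE and METHOD),
    // so the example compiles without the annotations dependency.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface RolesAllowed { String[] value(); }

    // Constructed POJO following the issue's description.
    public static class User {
        private final String name;
        private long lastLoginTimestamp;
        public User(String name) { this.name = name; }
        public String getName() { return name; }           // unrestricted field
        @RolesAllowed("admin")                             // only admins may read
        public long getLastLoginTimestamp() { return lastLoginTimestamp; }
        @RolesAllowed("system")                            // only the system may write
        public void setLastLoginTimestamp(long ts) { this.lastLoginTimestamp = ts; }
    }

    // Hypothetical helper: checks the accessor's annotation before invoking it
    // and refuses the call if the caller has none of the required roles.
    static Object invokeChecked(Object target, String method, Set<String> callerRoles,
                                Object... args) throws Exception {
        for (Method m : target.getClass().getMethods()) {
            if (!m.getName().equals(method) || m.getParameterCount() != args.length) continue;
            RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
            if (ra != null && Collections.disjoint(Arrays.asList(ra.value()), callerRoles))
                throw new SecurityException(method + " requires one of " + Arrays.toString(ra.value()));
            return m.invoke(target, args);
        }
        throw new NoSuchMethodException(method);
    }

    public static void main(String[] args) throws Exception {
        User u = new User("alice");
        invokeChecked(u, "setLastLoginTimestamp", Set.of("system"), 1700000000L); // write as system
        System.out.println(invokeChecked(u, "getName", Set.of("user")));
        System.out.println(invokeChecked(u, "getLastLoginTimestamp", Set.of("admin")));
        try {
            invokeChecked(u, "getLastLoginTimestamp", Set.of("user"));             // plain user
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```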