Add auth GraphQL directive to control field visibility according to auth roles
ujibang opened this issue · 0 comments
ujibang commented
Brief overview
Enhance GraphQL authorization by providing a field directive to enforce visibility on the basis of the client role.
Rationale
Currently RH allows providing different views to different roles with the so-called multi-schema solution; see https://restheart.org/docs/security/security-hardening#define-role-specific-graphql-applications
A more flexible approach is to provide a directive to control field visibility:
type Query {
    hidden: String! @visible(roles:["foo", "bar"])
    person(id: ID!): Person
}
See also https://www.graphql-java.com/documentation/field-visibility/
Detailed documentation
TBD
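An added example (not RESTHeart or graphql-java code) modelling how the proposed `@visible` directive could be evaluated against a client's roles, for both field listing and query validation. The issue does not specify the semantics, so these are assumptions: the `Person` type body, fields without the directive being visible to everyone, any one shared role granting visibility, and hidden fields being reported as undefined.

```python
import re

# Constructed sample: the schema from the issue, plus a Person body (assumed).
SDL = '''
type Query {
  hidden: String! @visible(roles:["foo", "bar"])
  person(id: ID!): Person
}
type Person {
  name: String
}
'''

TYPE_RE = re.compile(r'type\s+(\w+)\s*\{(.*?)\}', re.S)
VISIBLE_RE = re.compile(r'@visible\(\s*roles\s*:\s*\[(.*?)\]\s*\)')

def parse_visibility(sdl):
    """Map type -> field -> frozenset of roles, or None when the field has no @visible."""
    rules = {}
    for type_name, body in TYPE_RE.findall(sdl):
        fields = {}
        for line in body.splitlines():
            name = re.match(r'\s*(\w+)', line)
            if not name:
                continue  # blank line inside the type body
            m = VISIBLE_RE.search(line)
            fields[name.group(1)] = frozenset(re.findall(r'"([^"]*)"', m.group(1))) if m else None
        rules[type_name] = fields
    return rules

def visible_fields(rules, type_name, client_roles):
    """Assumed semantics: no directive = visible to all; otherwise any shared role grants visibility."""
    held = set(client_roles)
    return [f for f, roles in rules[type_name].items() if roles is None or roles & held]

def validate(rules, type_name, selected, client_roles):
    """Report hidden fields exactly like undefined ones, so errors do not confirm they exist."""
    allowed = set(visible_fields(rules, type_name, client_roles))
    return [f"Field '{f}' in type '{type_name}' is undefined" for f in selected if f not in allowed]

if __name__ == "__main__":
    rules = parse_visibility(SDL)
    for roles in (["foo"], ["guest"]):
        print(roles, visible_fields(rules, "Query", roles), validate(rules, "Query", ["hidden"], roles))
```

Applying the same filter to introspection and to query validation keeps the two views consistent, so a client without the role cannot distinguish a hidden field from one that was never defined.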