How to check permissions and other conditions in GraphQL query?

Answer • 1 Asked • Jun 24 2019
How could I check if user has permission to see or query something? I have no idea how to do this.
  • In args? How would that even work?
  • In resolve()? See if user has permission and somehow eliminate/change some of the args?

Example:
If user is "visitor", he can only see public posts, "admin" can see everything.
const userRole = 'admin'; // Let's say this could be "admin" or "visitor" const Query = new GraphQLObjectType({ name: 'Query', fields: () => { return { posts: { type: new GraphQLList(Post), args: { id: { type: GraphQLString }, title: { type: GraphQLString }, content: { type: GraphQLString }, status: { type: GraphQLInt // 0 means "private", 1 means "public" }, }, // MongoDB / Mongoose magic happens here resolve(root, args) { return PostModel.find(args).exec() } } } } })

Write your answer...

On a mission to build Next-Gen Community Platform for Developers