Access denied logic #731
Access denied logic #731
Conversation
tests/Config/Parser/fixtures/annotations/Repository/WeaponRepository.php
Outdated
Show resolved
Hide resolved
Typehint annotation property Co-authored-by: Timur Murtukov <[email protected]>
|
@mcg-web Should we raise an exception when non boolean valus are returned from access callback or if the promise resolve to non boolean value ? Right now, if something other than |
|
@Vincz squashing commits after all tests pass would be nice |
|
After re-reading this PR I don't really get it. Query:
type: object
config:
fields:
user: User!
User:
type: object
config:
fields:
nullableField:
type: String
access: #...
nonNullableField:
type: String!
access: #...if a user without access requests { user { nullableField }the result will be null with an access warning { "data": { "user": { "nullableField": null } }, "extensions": {"warnings": ["..."]} }but if this same user requests { user { nonNullableField }the result will be an error since the field can't be nullable { "data": null, "errors": ["..."] }@Vincz What is the difference with your PR ? Can you provide an example please. |
|
@mcg-web You are right. The only difference is that we don't get the warning when the option |
|
All this part of the bundle is not really clear, that's why in the next version we must try to make this easier. Not a big deal sorry for the time I take before seeing that this was not totally complete 😥 . |
This PR adds the ability to return
nullinstead of raising an exception when the access to a field is denied.It will not enforce the field as
nullableso field with anaccessmust be configured properly.@mcg-web I didn't force the field as
nullableas it implied to modify the user defined schema and would for example modify all a type fields as nullable if the object has afieldsDefaultAccess. Better to let the user implement the logic himself. Don't you think?