Parent is undefined about graphql-shield HOT 8 CLOSED

Nevermind, I just read through all the source of shield and middlewares and I think I have a much better understanding now.

from graphql-shield.

Hey @nolandg @kitze 👋,

Have you heard of $exists method in Prisma? Its idea stems from a legacy Graphcool permission system where you could, using GraphQL queries, define permissions for your system. graphql-shield is designed especially with that in mind. This way, it doesn't seem like you are fetching the same data twice. Additionally, I believe it is worth mentioning that prisma-binding, and prisma-client I believe as well, both feature a minor implementation of caching. Furthermore, graphql-shield also prevents duplication of requests by caching the result of a rule depending on the cache option.

from graphql-shield.

The work around I have now is to put the rule on the type rather than the mutation but then each mutation can produce many errors and the rule is run multiple times when it only needs to be run once.

from graphql-shield.

How did you solve this @nolandg ?

from graphql-shield.

I put rules on all my mutations and queries and for the ones that required ownership I loaded the record first then checked ownership. The parent is not useful here as I'm mostly concerned with the top-level which doesn't have a parent.

from graphql-shield.

@nolandg doesn't this slow down your app because you're querying the same data in the resolver and in graphql-shield?

from graphql-shield.

I don't directly query data in the resolver. I usually just forward the mutation or query to Prisma. Sometimes yes the record is fetched twice. The only way I see of avoiding this is more deeply integrating the permissions checks within your own app and not using 3rd party. The check would have to be combined with your resolver which misses the whole point of a middleware.

from graphql-shield.

@nolandg Fair enough, thanks!

from graphql-shield.