Comments (3)
Hi, field level auth is supported: https://neo4j.com/docs/graphql-manual/current/auth/authorization/allow/#_field_level_allow
If it is attempted to update that field without authorization, the entire request will error.
from graphql.
Yes, but how to allow view, but deny update? What we need is some kind of this logic:
@auth(read: [reader, admin], update: [admin])
from graphql.
Yes, but how to allow view, but deny update? What we need is some kind of this logic:
@auth(read: [reader, admin], update: [admin])
That is possible, your syntax is not quite right:
@auth(
rules: [
{
operations: [READ],
roles: ["reader", "admin"]
},
{
operations: [UPDATE],
roles: ["admin"]
}
]
)
The above would be akin to the example you gave there.
I recommend reading our docs on auth to more fully understand the directive: https://neo4j.com/docs/graphql-manual/current/auth/
from graphql.
Related Issues (20)
- Neo4jError: Variable not defined caused by authorization filters HOT 4
- Model.find({where: {id}}) returns wrong output. HOT 6
- Regression on ID scalar type filtering HOT 8
- Neo4jError: Variable `<propertyName>Count` not defined HOT 5
- Error "Cannot return null for non-nullable field" when limit exceeds result count in queries with non-nullable fields HOT 2
- Authorization rules can't compare enum property with context HOT 3
- Compatibility of @neo4j/graphql with neo4j-driver HOT 16
- GraphQL parsing issue with `[[String!]]!` HOT 2
- Filtering issue in `@authorization` directive HOT 2
- Nested mutation with deep connect inside a create is failing with the error- Neo4jError: Variable `this` already declared HOT 3
- Creating distinct relationships on interface field no longer possible since v5 if the interface does not include common identifier HOT 5
- @authentication doesn't work HOT 4
- ```authorization doesn't work``` HOT 1
- How to make custom resolver for create users
- Custom resolver for auto-generated resolvers HOT 2
- Spatial type projection fails if the `srid` is included in the SelectionSet HOT 2
- Generated `*OnCreateInput` types do not include fields to connect/create types with `@relationship` directives HOT 10
- Authorization filter causing undefined error HOT 2
- graphql-ogm with aggregations and full text searches HOT 1
- @neo4j/graphql:auth TypeError: Key for the RS256 algorithm must be one of type KeyObject or CryptoKey. Received an instance of Buffer HOT 17
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphql.