# graphql-kotlin

Anshul Sharma

04/14/2022, 6:36 PM
Hey guys! Need some help. I am trying to implement a customised directive implementation where I want to hide/unhide a certain field in the return object based on the internal authorization decision. Eg:
Copy code
directive @authz_decision on FIELD_DEFINITION

type Query {
  getEmployee(id: ID): Employee

type Employee {
  id: ID!
  displayName: String! @authz_decision
  age: Integer 
  gender: String 
In this case - I want to write a customised directive where I will compute authorization for a field (internal authorization system) and based on the outcome, I can send back the field in the response or remove the field. I looked at this link - And figured a way to inject directives into the configuration - but they don’t seem to be invoked at the runtime (at the query), instead, they get executed at the server startup. Request help & advice! Thanks!

Dariusz Kuc

04/14/2022, 6:56 PM
I can send back the field in the response or remove the field.
this violates GraphQL contract, if user requests field
then the response should contain field
if access to the field should be restricted based on some auth scheme then you could either • if field is nullable -> return null • if field is non-nullable -> throw exception and it will fail the whole requests (i.e. cannot return null for non-null field)
instead of
location which targets the schema objects (i.e. modifies the underlying schema), you should be specifying
location which is applied at runtime

Anshul Sharma

04/14/2022, 7:40 PM
Hey @Dariusz Kuc - thanks for replying. Let me check back and attempt these. Once again. Thanks for replying!