https://kotlinlang.org logo
#graphql-kotlin
Title
# graphql-kotlin
a

Anshul Sharma

04/14/2022, 6:36 PM
Hey guys! Need some help. I am trying to implement a customised directive implementation where I want to hide/unhide a certain field in the return object based on the internal authorization decision. Eg:
Copy code
directive @authz_decision on FIELD_DEFINITION

type Query {
  getEmployee(id: ID): Employee
}

type Employee {
  id: ID!
  displayName: String! @authz_decision
  age: Integer 
  gender: String 
}
In this case - I want to write a customised directive where I will compute authorization for a field (internal authorization system) and based on the outcome, I can send back the field in the response or remove the field. I looked at this link - https://opensource.expediagroup.com/graphql-kotlin/docs/schema-generator/customizing-schemas/directives/ And figured a way to inject directives into the configuration - but they don’t seem to be invoked at the runtime (at the query), instead, they get executed at the server startup. Request help & advice! Thanks!
d

Dariusz Kuc

04/14/2022, 6:56 PM
I can send back the field in the response or remove the field.
this violates GraphQL contract, if user requests field
A
then the response should contain field
A
if access to the field should be restricted based on some auth scheme then you could either • if field is nullable -> return null • if field is non-nullable -> throw exception and it will fail the whole requests (i.e. cannot return null for non-null field)
instead of
FIELD_DEFINITION
location which targets the schema objects (i.e. modifies the underlying schema), you should be specifying
FIELD
location which is applied at runtime
a

Anshul Sharma

04/14/2022, 7:40 PM
Hey @Dariusz Kuc - thanks for replying. Let me check back and attempt these. Once again. Thanks for replying!