fidelize / graphql-laravel-authorize-introspection
Authorize introspection documentarion for rebing/graphql-laravel
Installs: 5 718
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 5
Forks: 1
Open Issues: 0
Type:project
Requires
- rebing/graphql-laravel: >=1.15.9
Requires (Dev)
- mockery/mockery: ^1.2
- phpunit/phpunit: ^5.5|~6.0|~7.0
This package is auto-updated.
Last update: 2024-04-11 13:46:33 UTC
README
rebing/graphql-laravel lists all
queries, mutations and subscriptions when you perform
introspection,
even those queries which would not be authorized when called (due to rules in
their #authorize method).
This extension allows us to:
- Define separate rules for calling a query and introspecting a query.
- Only list allowed queries, mutations and subscriptions in an introspection.
For example: you may want to list updatePost mutation for all authors with
authorizeIntrospection, but only allow an author to edit his or her own post
on calling updatePost. Thus:
authorizeIntrospection: allows showing the documentation.authorize: allows calling it with the given arguments.
In your queries, mutations and subscriptions base classes, you may want to add:
<?php namespace App\GraphQL\Mutation; use Rebing\GraphQL\Support\Mutation; class AbstractMutation extends Mutation { public function authorizeIntrospection() { // Your rule here return true; } public function authorize(array $args) { // Only override when you have custom rule according to the $args return $this->authorizeIntrospection(); } }
Installation
composer require "fidelize/graphql-laravel-authorize-introspection"
Replace Rebing\GraphQL\GraphQLServiceProvider with
Fidelize\GraphQLAuthorizedIntrospection\ServiceProvider in your
config/app.php file.