x-graphql/field-guard

Managing access control of object fields

0.2.0 2024-04-17 02:48 UTC

Last update: 2024-11-17 04:01:49 UTC


README

Middleware for adding a security layer to a GraphQL schema

Getting Started

Install this package via Composer:

composer require x-graphql/field-guard

Usage

Create a permissions array that maps each object type name and its fields to a rule. A rule can be a boolean or an instance of XGraphQL\FieldGuard\RuleInterface:

use GraphQL\Type\Definition\ResolveInfo;
use XGraphQL\FieldGuard\RuleInterface;

$isAdminRule = new class implements RuleInterface {
    public function allows(mixed $value, array $args, mixed $context, ResolveInfo $info): bool
    {
        return $context->isAdmin();
    }

    public function shouldRemember(mixed $value, array $args, mixed $context, ResolveInfo $info): bool
    {
        return true;
    }
};

$permissions = [
    'Query' => [
        'getUser' => true, // all users can get a user.
        'getBook' => false, // deny all users from getting a book.
    ],
    'Mutation' => [
        'createUser' => $isAdminRule, // only admin users can create a user.
    ],
];

Then create the middleware with the $permissions above and apply it to the schema:

use XGraphQL\FieldMiddleware\FieldMiddleware;
use XGraphQL\FieldGuard\FieldGuardMiddleware;

$schema = ...
$guardMiddleware = new FieldGuardMiddleware($permissions);

FieldMiddleware::apply($schema, [$guardMiddleware]);
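
The README does not say how fields missing from the permissions map are treated, so it is worth checking the map against the schema before relying on it. The script below is an added example, not code from this package: it reports schema fields that have no rule and map entries that match no schema field. The helper name auditPermissions, the sample schema and the sample map are constructed for illustration, and webonyx/graphql-php is assumed to be installed through Composer.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use GraphQL\Type\Definition\ObjectType;
use GraphQL\Type\Schema;
use GraphQL\Utils\BuildSchema;

// Hypothetical helper, not part of x-graphql/field-guard: lists schema fields
// with no rule ("unguarded") and map entries matching no schema field ("unknown").
function auditPermissions(Schema $schema, array $permissions): array
{
    $unguarded = $declared = $unknown = [];

    foreach ($schema->getTypeMap() as $name => $type) {
        // Only object types carry guarded fields; skip introspection types (__Schema, ...).
        if (!$type instanceof ObjectType || str_starts_with($name, '__')) {
            continue;
        }
        foreach (array_keys($type->getFields()) as $field) {
            $declared["$name.$field"] = true;
            if (!array_key_exists($field, $permissions[$name] ?? [])) {
                $unguarded[] = "$name.$field";
            }
        }
    }

    foreach ($permissions as $name => $fields) {
        foreach (array_keys($fields) as $field) {
            if (!isset($declared["$name.$field"])) {
                $unknown[] = "$name.$field"; // typo or stale entry in the map
            }
        }
    }

    return ['unguarded' => $unguarded, 'unknown' => $unknown];
}

// Constructed sample schema and permissions map, for illustration only.
$schema = BuildSchema::build('
    type Query { getUser: String getBook: String }
    type Mutation { createUser: String deleteUser: String }
');
$permissions = [
    'Query'    => ['getUser' => true, 'getBook' => false],
    'Mutation' => ['createUser' => true, 'createUsr' => false],
];

print_r(auditPermissions($schema, $permissions));
```

Running a check like this in CI and failing the build when either list is non-empty keeps newly added fields from shipping without an explicit rule.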

Credits

Created by Minh Vuong