From c7212473207510018f2f258054013153c0ff2e3a Mon Sep 17 00:00:00 2001
From: Adam Sven Johnson <adam@pkqk.net>
Date: Wed, 30 Aug 2023 16:26:49 +1200
Subject: [PATCH] Log the permissions that disallowed field access

---
 auth.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/auth.go b/auth.go
index 07e74c88..1e97f9bc 100644
--- a/auth.go
+++ b/auth.go
@@ -6,6 +6,7 @@ import (
 	"sort"
 	"strings"
 
+	log "github.com/sirupsen/logrus"
 	"github.com/vektah/gqlparser/v2/ast"
 	"github.com/vektah/gqlparser/v2/gqlerror"
 )
@@ -54,6 +55,14 @@ func (f fieldList) Swap(i, j int) {
 	f[i], f[j] = f[j], f[i]
 }
 
+func (a AllowedFields) String() string {
+	bytes, err := json.Marshal(a)
+	if err != nil {
+		return err.Error()
+	}
+	return string(bytes)
+}
+
 // MarshalJSON marshals to a JSON representation.
 func (a AllowedFields) MarshalJSON() ([]byte, error) {
 	if a.AllowAll {
@@ -271,6 +280,10 @@ func filterFields(path []string, ss ast.SelectionSet, allowedFields AllowedField
 				errs = append(errs, ferrs...)
 			} else {
 				fieldPath := strings.Join(append(path, s.Name), ".")
+				log.WithFields(log.Fields{
+					"field":       fieldPath,
+					"permissions": allowedFields,
+				}).Debug("field access disallowed")
 				errs = append(errs, gqlerror.Errorf("%s access disallowed", fieldPath))
 			}
 		case *ast.FragmentSpread: