Allow @authorization to be used on relationship fields to protect particular relationship operations
#4377
Labels
enhancement
New feature or request
Comments
|
@darrellwarde, has anyone considered this? This feels like a big feature and would massively expand the flexibility of the auth system. I find it odd how I can set authorization rules for individual fields but not relationships |
darrellwarde
changed the title
@authorization to be used on relationship fields to protect particular relationship operations
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current @authorization support selecting an operation, such as CREATE, DELETE, UPDATE, CONNECT and DISCONNECT. It seems like connect and disconnect would apply to ANY connection being made. Sometimes we want to prevent all connections, except one. And sometimes we want to permit all connections expect one.
Have you considered making the configurable - perhaps based on white or blacklisting edge names per type for simplicity?
The text was updated successfully, but these errors were encountered: