Licensed to be used in conjunction with basebox, only.
@bb_restrict_fields
Syntax
@bb_restrict_fields(_fields: ["field1", "field2"])
Notes
The @bb_restrict_fields can be sapplied to a graphql operation and specifies fields from a type which will intentionally not be returned within a response.
It is especially useful in combination with @bb_roles with which we allow access to owned data by another @bb_user.
The @bb_restrict_fields is only supported on operations with @bb_resolver of _type SELECT, INSERT, INSERT_NESTED, UPDATE and UPDATE_NESTED.
The resolver can be used on queries and mutations. The operation where this resolver is used for has to handle owned data type. Within the @bb_resolver of an operation the _object attribute should contain a type which is somehow owned. Or if the operation does not have the _object attribute, the returned type should be owned.
If those conditions are not fullfilled, an error is thrown already on compilation level as the usage of a @bb_restrict_fields would not make sense.
Operations with @bb_restrict_fields directive can also be called in _steps of an ORCHSTRATOR.
Examples
Within the sample below, we will not return Car.owner and Car.licensePlate in the response.
type Car {
id: ID!
name: String!
manufacturer: String!
owner: String
licensePlate: String!
}
type Query {
loadCarItem(carId: ID!): Car!
@bb_restrict_fields(_fields: ["owner", "licensePlate"])
@bb_resolver(
_type: SELECT
_filter: { id: { _eq: "$carId" } }
_object: Car
)
}
@bb_restrict_fields can also be used to hide nested fields of a type:
type Car {
id: ID!
name: String!
manufacturer: String!
owner: Owner
licensePlate: String!
}
type Owner {
id: ID!
name: String!
birthdate: String!
address: Address!
}
type Address {
id: ID!
city: String!
street: String!
houseNr: String
}
type Query {
loadCarItems: [Car!]
@bb_restrict_fields(_fields: ["licensePlate", "owner.name", "owner.address.houseNr"])
@bb_resolver(
_type: SELECT
_filter: { id: { _eq: "$carId" } }
_object: Car
)
}
In the example above, the returned JSON of loadCarItems will not contain the specified fields, i.e. loadCarItems.owner, will not contain the name attribute.
Note
If a request queries one of the restricted fields the server will answer with 403 (Forbidden).
If @bb_restrict_fields is applied to mutations, the restricted fields are also not returned in the response but additionally cannot be set. The error will be thrown at compilation level by the compiler if applicable.
type Car {
id: ID!
name: String
manufacturer: String
licensePlate: String
owners: [Owner!]
}
type Owner {
id: ID!
name: String
birthdate: String
address: Address
}
type Address {
id: ID!
city: String!
street: String!
houseNr: String
}
input InsertCar {
name: String!
manufacturer: String!
licensePlate: String
ownerName: String!
ownerBirthday: String
}
type Mutation {
insertCar(car: InsertCar): Car
@bb_restrict_fields(_fields: ["licensePlate", "owner.name"])
@bb_resolver(
_type: INSERT_NESTED,
_object: Car,
_fields: {
name: "$car.$name"
manufacturer: "$car.$manufacturer"
licensePlate: "$car.$licensePlate"
owners: [
{
name: "$car.$ownerName"
birthdate: "$car.$ownerBirthday"
}
]
}
)
}
insertCar mutation would be valid when it looks like this: