Field-level Authorization

You can now configure rules for fields — learn more.

Consider the following global rules:

    schema
      @auth(
        providers: [{ type: oidc, issuer: "{{ env.ISSUER_URL }}" }]
        rules: [{ allow: private, operations: [read] }]
      ) {
      query: Query
    }

    type User @model {
      id: ID!
      name: String!
      adminNotes: String
    }

Now let's add the @auth directive to the adminNotes field so that only members of the admin group will be able to modify it:

    schema
      @auth(
        providers: [{ type: oidc, issuer: "{{ env.ISSUER_URL }}" }]
        rules: [{ allow: private, operations: [read] }]
      ) {
      query: Query
    }

    type User @model {
      id: ID!
      name: String!
      adminNotes: String @auth(rules: [{ allow: groups, groups: ["admin"] }])
    }

Field rules replace model/global rules.
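
The replacement rule, worked through for the schema above as an added example (a simplified model written for this page, not Grafbase's own code). It assumes that a rule without `operations` covers all operations, that `private` means any signed-in user, and that group membership arrives in a `groups` token claim; the function names and callers are hypothetical.

```javascript
// Simplified model of rule precedence; not Grafbase's implementation.
// Assumption: these four operation names; omitted `operations` means all.
const ALL_OPERATIONS = ["create", "read", "update", "delete"];

// Rules copied from the schema on this page.
const globalRules = [{ allow: "private", operations: ["read"] }];
const userModel = {
  rules: null, // User carries no model-level @auth
  fields: { id: null, name: null, adminNotes: [{ allow: "groups", groups: ["admin"] }] },
};

// The most specific rule set wins outright; rule sets are never merged.
function effectiveRules(model, field) {
  return model.fields[field] ?? model.rules ?? globalRules;
}

function ruleMatches(rule, caller, operation) {
  const ops = rule.operations ?? ALL_OPERATIONS;
  if (!ops.includes(operation)) return false;
  if (caller === null) return false; // no valid token: nothing matches
  if (rule.allow === "private") return true; // any signed-in user
  if (rule.allow === "groups") {
    return (caller.groups ?? []).some((g) => rule.groups.includes(g));
  }
  return false; // unknown rule type: deny
}

function isAllowed(model, field, caller, operation) {
  return effectiveRules(model, field).some((r) => ruleMatches(r, caller, operation));
}

// Constructed callers: decoded token claims, signature already verified.
const callers = { anonymous: null, member: { groups: ["staff"] }, admin: { groups: ["admin"] } };

function accessMatrix() {
  const rows = {};
  for (const [label, caller] of Object.entries(callers)) {
    for (const field of ["name", "adminNotes"]) {
      for (const op of ["read", "update"]) {
        rows[`${label}:${field}:${op}`] = isAllowed(userModel, field, caller, op);
      }
    }
  }
  return rows;
}

console.table(accessMatrix());
```

Under these assumptions a signed-in non-admin loses read access to `adminNotes` as well, because the global `read` rule no longer applies to that field.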

We'd love to hear your feedback and ideas, so join us on Discord.