auth

auth is a directive that enforces authorization rules on the schema definition. It restricts who can view the field based on roles or, if userIDField is specified, checks whether the current user's ID equals the field specified. This allows users that own a specific resource (like a comment or a flag) to see their own content while restricting it from everyone else. If the directive is used without options, it simply requires a logged-in user.

permit can be used to allow specific USER_AUTH_CONDITIONS that normally (if present) would deny access to any edge associated with the @auth directive. If a user has only some of the conditions listed, they will pass, but if they have at least one more that isn't in the list, the request will be denied.

If unscoped is provided and is true, it requires that the user does not have any moderation scopes applied to their account (such as a site moderator).

directive @auth(
  roles: [USER_ROLE!]
  unscoped: Boolean
  userIDField: String
  permit: [USER_AUTH_CONDITIONS!]
) on FIELD_DEFINITION
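
The rules described above, sketched as one decision function. This is an added example, not the project's own code, and the order in which the options combine is this example's reading of the description. The role and condition names, the user.conditions and user.scoped fields, and the author_id field are constructed for illustration.

```javascript
// Added example: one reading of the @auth rules, not the project's resolver.
// args: directive arguments; user: viewer or null; source: parent object of the field.
// user.conditions and user.scoped are hypothetical fields for this sketch.
function authDecision(args, user, source) {
  const { roles, unscoped, userIDField, permit } = args;

  // Every use of @auth requires a logged-in user.
  if (!user) return { allow: false, reason: "not logged in" };

  // Any condition on the user that is not listed in permit denies the request.
  const permitted = new Set(permit || []);
  const blocking = (user.conditions || []).filter((c) => !permitted.has(c));
  if (blocking.length > 0) {
    return { allow: false, reason: "condition not permitted: " + blocking.join(",") };
  }

  // unscoped: true rejects accounts that carry moderation scopes.
  if (unscoped === true && user.scoped) {
    return { allow: false, reason: "moderation scopes applied" };
  }

  // No roles and no userIDField: being logged in is enough.
  if (!roles && !userIDField) return { allow: true, reason: "logged in" };

  if (roles && roles.includes(user.role)) return { allow: true, reason: "role" };

  // Owner check: strict comparison, and a missing field never matches.
  if (userIDField && source && source[userIDField] != null &&
      source[userIDField] === user.id) {
    return { allow: true, reason: "owner" };
  }
  return { allow: false, reason: "no rule matched" };
}

// Constructed sample data (names are placeholders, not the schema's enum values).
const comment = { id: "c1", author_id: "u1" };
const owner = { id: "u1", role: "COMMENTER", conditions: [], scoped: false };
const other = { id: "u2", role: "COMMENTER", conditions: [], scoped: false };
const siteMod = { id: "u3", role: "MODERATOR", conditions: [], scoped: true };
const flagged = { id: "u1", role: "COMMENTER", conditions: ["COND_A", "COND_B"], scoped: false };
const rule = { roles: ["MODERATOR"], userIDField: "author_id" };

for (const [name, u] of Object.entries({ owner, other, siteMod, flagged })) {
  console.log(name, authDecision(rule, u, comment));
}
```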

Arguments

auth.roles ● [USER_ROLE!] list enum

auth.unscoped ● Boolean scalar

auth.userIDField ● String scalar

auth.permit ● [USER_AUTH_CONDITIONS!] list enum