auth
auth is a directive that enforces authorization rules on the schema
definition. It restricts who can view a field based on roles or, if
userIDField is specified, on whether the current user's ID equals the value of
the specified field. This allows users who own a specific resource (like a
comment or a flag) to see their own content while restricting it from everyone
else. If the directive is used without options, it simply requires a logged-in
user.

permit can be used to allow specific USER_AUTH_CONDITIONS that normally (if
present) would deny access to any edge associated with the @auth directive. If
a User has only some of the conditions listed, they will pass, but if they have
at least one more that isn't in the list, the request will be denied.

If unscoped is provided and is true, it will require that the user does not
have any moderation scopes applied to their account (such as a site moderator).
directive @auth(
roles: [USER_ROLE!]
unscoped: Boolean
userIDField: String
permit: [USER_AUTH_CONDITIONS!]
) on FIELD_DEFINITION
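
The rules above can be read as a single decision function. The following is an added example, not the project's own resolver code: it evaluates the four arguments for one field access and shows the owner path and the permit subset rule. The user and source object shapes, the order of the checks, and the role and condition names are assumptions made for illustration.

```javascript
// Added illustration of the @auth rules described above; not the project's code.
// Assumed shapes: user = { id, role, conditions: [], moderationScopes: [] },
// args = the directive arguments, source = the parent object of the field.
function checkAuth(args, user, source) {
  // Every use of @auth, even with no options, requires a logged-in user.
  if (!user) return { allowed: false, reason: "login required" };

  // permit: a condition on the user that is not listed denies the request,
  // so a user holding a subset of the permitted conditions still passes.
  const permitted = new Set(args.permit || []);
  const blocking = (user.conditions || []).filter((c) => !permitted.has(c));
  if (blocking.length > 0) {
    return { allowed: false, reason: "condition: " + blocking.join(",") };
  }

  // unscoped: true requires an account with no moderation scopes applied.
  const scopes = user.moderationScopes || [];
  if (args.unscoped === true && scopes.length > 0) {
    return { allowed: false, reason: "moderation scopes applied" };
  }

  // roles / userIDField: with neither set, being logged in is enough;
  // otherwise a matching role or ownership of the resource grants access.
  const roles = args.roles || null;
  const ownerField = args.userIDField || null;
  if (!roles && !ownerField) return { allowed: true, reason: "logged in" };
  if (roles && roles.includes(user.role)) {
    return { allowed: true, reason: "role" };
  }
  if (ownerField && source && source[ownerField] === user.id) {
    return { allowed: true, reason: "owner" };
  }
  return { allowed: false, reason: "no matching role or ownership" };
}

// Constructed sample data; role and condition names are placeholders.
const author = { id: "u1", role: "ROLE_A", conditions: ["COND_X"], moderationScopes: [] };
const comment = { author_id: "u1", body: "hello" };
const fieldArgs = { roles: ["ROLE_B"], userIDField: "author_id", permit: ["COND_X", "COND_Y"] };
console.log(checkAuth(fieldArgs, author, comment)); // { allowed: true, reason: 'owner' }
```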