mirror of
https://github.com/IT4Change/Ocelot-Social.git
synced 2026-01-19 03:11:24 +00:00
aa07a2a616
I found a way to cleanly request additional attributes in our middleware. We can use this pattern if we e.g. require the author of posts and comments to check if the user is the author and therefore authorized to update or delete the post. CC @mattwr18 @appinteractive @tirokk
25 lines
826 B
JavaScript
25 lines
826 B
JavaScript
import cloneDeep from 'lodash/cloneDeep'
|
|
|
|
const includeId = async (resolve, root, args, context, resolveInfo) => {
|
|
// Keeping the graphql resolveInfo untouched ensures that we don't add the
|
|
// following attributes to the result set returned to the graphQL client.
|
|
// We only want to pass these attributes to our resolver for internal
|
|
// purposes e.g. authorization.
|
|
const copy = cloneDeep(resolveInfo)
|
|
|
|
copy.fieldNodes[0].selectionSet.selections.unshift({
|
|
kind: 'Field',
|
|
name: { kind: 'Name', value: 'id' }
|
|
})
|
|
return resolve(root, args, context, copy)
|
|
}
|
|
|
|
export default {
|
|
Query: (resolve, root, args, context, info) => {
|
|
return includeId(resolve, root, args, context, info)
|
|
},
|
|
Mutation: (resolve, root, args, context, info) => {
|
|
return includeId(resolve, root, args, context, info)
|
|
}
|
|
}
|