[PLA-1891] Hide sensitive attributes from beam APIs (#85)

src/GraphQL/Queries/GetBeamsQuery.php

@@ -8,13 +8,12 @@
 use Enjin\Platform\Beam\Services\BeamService;
 use Enjin\Platform\GraphQL\Middleware\ResolvePage;
 use Enjin\Platform\GraphQL\Types\Pagination\ConnectionInput;
-use Enjin\Platform\Interfaces\PlatformPublicGraphQlOperation;
 use GraphQL\Type\Definition\ResolveInfo;
 use GraphQL\Type\Definition\Type;
 use Illuminate\Support\Arr;
 use Rebing\GraphQL\Support\Facades\GraphQL;
 
-class GetBeamsQuery extends Query implements PlatformPublicGraphQlOperation
+class GetBeamsQuery extends Query
 {
     use HasBeamCommonFields;
 

src/GraphQL/Types/BeamType.php

@@ -7,6 +7,7 @@
 use Enjin\Platform\Beam\GraphQL\Traits\HasBeamCommonFields;
 use Enjin\Platform\Beam\Models\Beam;
 use Enjin\Platform\Beam\Services\BeamService;
+use Enjin\Platform\GraphQL\Schemas\Traits\HasAuthorizableFields;
 use Enjin\Platform\GraphQL\Types\Pagination\ConnectionInput;
 use Enjin\Platform\Traits\HasSelectFields;
 use Illuminate\Pagination\Cursor;
@@ -17,6 +18,7 @@
 
 class BeamType extends Type
 {
+    use HasAuthorizableFields;
     use HasBeamCommonFields;
     use HasSelectFields;
 
@@ -45,6 +47,7 @@ public function fields(): array
             'code' => [
                 'type' => GraphQL::type('String!'),
                 'description' => __('enjin-platform-beam::mutation.claim_beam.args.code'),
+                'excludeFrom' => ['GetBeam', 'GetBeams'],
             ],
             ...$this->getCommonFields(),
             'collection' => [
@@ -89,6 +92,7 @@ public function fields(): array
                 },
                 'selectable' => false,
                 'is_relation' => false,
+                'excludeFrom' => ['GetBeam', 'GetBeams'],
             ],
             'probabilities' => [
                 'type' => GraphQL::type('Object'),

tests/Feature/GraphQL/Queries/GetBeamTest.php

@@ -179,7 +179,7 @@ public function test_it_hides_code_field_when_unauthenticated()
         ]);
 
         $response = $this->graphql($this->method, ['code' => $this->beam->code], true);
-        $this->assertEquals('Cannot query field "code" on type "BeamClaim".', $response['error']);
+        $this->assertEquals('Cannot query field "code" on type "Beam".', $response['error']);
 
         config([
             'enjin-platform.auth' => null,

tests/Feature/GraphQL/Queries/GetBeamsTest.php

@@ -96,7 +96,7 @@ public function test_it_hides_code_field_when_unauthenticated()
         ]);
 
         $response = $this->graphql($this->method, [], true);
-        $this->assertEquals('Cannot query field "code" on type "BeamClaim".', $response['error']);
+        $this->assertEquals('Cannot query field "code" on type "Beam".', $response['error']);
 
         config([
             'enjin-platform.auth' => null,