Replies: 2 comments
-
Do you need to authorise it on a per-user level? If not, this was our solution to disable it per environment:

```ruby
class MySchema < GraphQL::Schema
  unless ENV.fetch("GRAPHQL_SCHEMA_INTROSPECTION", "off") == "on"
    disable_introspection_entry_points
  end
end
```
-
For per-user-level authorization, provide custom

```ruby
# /app/graphql/introspection/type_type.rb
module Introspection
  class TypeType < GraphQL::Introspection::TypeType
    def self.authorized?(object, context)
      # use whatever auth rules you can derive from `context`, e.g.
      super && context[:current_ability].can?(:read, Introspection::TypeType)
    end
  end
end

# /app/graphql/introspection/schema_type.rb
module Introspection
  class SchemaType < GraphQL::Introspection::SchemaType
    def self.authorized?(object, context)
      super && context[:current_ability].can?(:read, Introspection::SchemaType)
    end
  end
end

# /app/graphql/graphql_schema.rb
class GraphqlSchema < GraphQL::Schema
  # ...
  introspection Introspection
end
```

docs: https://graphql-ruby.org/schema/introspection#customizing-introspection
-
Looking at the docs on introspection (https://graphql-ruby.org/schema/introspection.html) and authorization visibility (https://graphql-ruby.org/authorization/visibility.html), I cannot find a global way to keep introspection on, yet require authentication for it. Is there an easy way to do this that I am missing?