2

I'm trying to implement authorization for graphql-php in my project. The idea is to have a user access array, where I can set access for each user group to specific queries and mutations, and to implement a check-access method in the GraphQL controller, before the query is executed.

One way would be to parse the request myself, but I was wondering if anyone knew how to access the full path to the query, as I've seen it shown in https://webonyx.github.io/graphql-php/error-handling/

<?php
[
    'message' => 'My reported error',
    'category' => 'businessLogic',
    'locations' => [
        ['line' => 10, 'column' => 2]
    ],
    'path' => [
        'path',
        'to',
        'fieldWithException'
    ]
];
falinsky
ElvisElvis

1 Answer

1

The path can be accessed in resolvers through the ResolveInfo object that every resolver function gets. The docs don't show it, but the fourth argument to every resolver is ResolveInfo (from the webonyx source $resolveFn($source, $args, $context, $info)). Simply get it:

function ($root, $args, $context, $info) {
    // $info is the ResolveInfo instance for the field being resolved
    $path = $info->path;
    // your decisioning
}

And do your decisioning based on it.

AndHeiberg
  • There is a slight problem with this, because in the resolve function this doesn't return the full path of the query, only the path up until the current type. But this is still better than nothing and I can work with this, so thank you very much. – ElvisElvis Nov 14 '17 at 15:26
  • I thought that's what you wanted? What's the alternative? – AndHeiberg Nov 16 '17 at 11:17
  • Getting the path in the controller, so I don't have to write a "check" function in each resolve but once before the query executes, but I don't think it's possible in graphql-php. – ElvisElvis Nov 17 '17 at 16:43
  • Right so essentially you want an array of all paths in the query? I think your best bet would be to write a utility that walks the query AST. It wouldn't be too hard. That being said I do feel my answer is a more appropriate answer to your question. – AndHeiberg Nov 17 '17 at 22:00
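
The utility suggested in the last comment, written out as an added example (not code from the thread or from graphql-php itself): it walks the parsed query AST and returns every field path, so the controller can check them all once before execution. The dotted path format and the function names collectPaths and isAllowed are assumptions made for illustration.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumes webonyx/graphql-php installed via Composer
use GraphQL\Language\Parser;
use GraphQL\Language\AST\{FieldNode, FragmentDefinitionNode, FragmentSpreadNode,
    InlineFragmentNode, OperationDefinitionNode, SelectionSetNode};
// Returns every field path in the request, e.g. "mutation.updatePost.id".
function collectPaths(string $query): array
{
    $fragments = $operations = $paths = [];
    foreach (Parser::parse($query)->definitions as $def) {
        if ($def instanceof FragmentDefinitionNode) {
            $fragments[$def->name->value] = $def->selectionSet;
        } elseif ($def instanceof OperationDefinitionNode) {
            $operations[] = $def;
        }
    }
    $walk = function (SelectionSetNode $set, string $prefix, array $open)
        use (&$walk, &$paths, $fragments): void {
        foreach ($set->selections as $sel) {
            if ($sel instanceof FieldNode) {
                $path = $prefix . '.' . $sel->name->value; // field name, not the client-chosen alias
                $paths[$path] = true;
                if ($sel->selectionSet !== null) {
                    $walk($sel->selectionSet, $path, $open);
                }
            } elseif ($sel instanceof InlineFragmentNode) {
                $walk($sel->selectionSet, $prefix, $open);
            } elseif ($sel instanceof FragmentSpreadNode) {
                $name = $sel->name->value;
                if (!isset($fragments[$name])) {
                    throw new InvalidArgumentException("Unknown fragment: $name");
                }
                if (!isset($open[$name])) { // a cyclic spread adds no new paths
                    $walk($fragments[$name], $prefix, $open + [$name => true]);
                }
            }
        }
    };
    foreach ($operations as $op) {
        $walk($op->selectionSet, $op->operation, []);
    }
    return array_keys($paths);
}

// Deny by default: every requested path must be granted to the group.
function isAllowed(string $query, array $grantedPaths): bool
{
    return array_diff(collectPaths($query), $grantedPaths) === [];
}
```

In the controller, call isAllowed with the raw query string and the current group's entry from the access array before passing the query to GraphQL::executeQuery, and treat a thrown exception (syntax error or unknown fragment) as a denial.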