Skip to content

How to apply the CASL authorization accessibleBy filter the right way? #1197

Answered by hayes
m1212e asked this question in Q&A
Discussion options

You must be logged in to vote

I don't have any experience working with CASL, but the scope auth plugin is probably a good place to start: https://pothos-graphql.dev/docs/plugins/scope-auth

I think your idea of filtering down inside the queries is good, I've do that in a lot of the APIs I've worked on.

For filtering nested relations, the t.relation method can take a query option that can use, as long as you can generate the query syncronously, eg: t.relation('committees', { query: (args, context) => ({ where: ctx.permissions.allowDatabaseAccessTo("list").Committee }) })

Replies: 2 comments 1 reply

Comment options

You must be logged in to vote
1 reply
@m1212e
Comment options

Answer selected by m1212e
Comment options

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants