Operation Field Permissions

You can use @graphql-mesh/plugin-operation-field-permissions plugin to restrict the scope of certain public API users to a subset of the public GraphQL schema.

Based on Envelop's useOperationFieldPermissions (opens in a new tab)

This plugin and authentication on a plugin or source level are complementary. See authentication guide for more details.

Getting Started

Terminal

yarn add @graphql-mesh/plugin-operation-field-permissions

Example Configuration

.meshrc.yaml

# ...
plugins:
  - operationFieldPermissions:
      permissions:
        - if: 'context._auth0?.sub != null'
          allow:
            - '*'

Config API Reference

permissions (type: Array of Object):
- if (type: String)
- allow (type: Array of String)

NewRelic CSRF Prevention