Allow GraphQL fields to have separate permission sets for the object and the resolved value
Related to #40088
When we authorize fields, we have to decide if we want to check the object or the resolved value. For instance, if we are authorizing Project.secretField then we need to decide if we apply the policy checks to the project or whatever the secretField is.
Why not both?
For flexibility, and more importantly clarity in #authorized?, there are good reasons to want to allow the DSL to specify which of these two things is the object of the policy predicate.
Currently:
    field :secret_field, SecretType, null: true,
          authorize: :read_secret
Proposal:
    field :secret_field, SecretType, null: true,
          authorize_object: :read_secret,
          authorize_value: :read_secret
There are good reasons to do both - authorizing on the object can save DB queries (since we have the object, but might need to find the value). But permissions may be required on the value as well - for Issue, the confidentiality status is not something we can determine just by looking at the project or group.
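The two checks described above, sketched as an added example that is not GitLab's code or part of the original issue: a toy field resolver runs the object check before resolution (so a denied user costs no lookup) and the value check afterwards. The Field class, POLICY table, abilities and sample users are all hypothetical.

```ruby
# Added illustration, not GitLab's implementation; every name below is hypothetical.
Project = Struct.new(:members, :issue)
Issue   = Struct.new(:confidential, :author)

# Toy policy table: ability => predicate(user, subject)
POLICY = {
  read_project: ->(user, project) { project.members.include?(user) },
  read_issue:   ->(user, issue) { !issue.confidential || issue.author == user }
}.freeze

class Field
  attr_reader :lookups

  def initialize(authorize_object: nil, authorize_value: nil, &resolver)
    @authorize_object = authorize_object
    @authorize_value = authorize_value
    @resolver = resolver
    @lookups = 0
  end

  def resolve(object, user)
    # Object check runs before resolution: a denied user costs no lookup.
    return nil if @authorize_object && !POLICY.fetch(@authorize_object).call(user, object)

    @lookups += 1 # stands in for the DB query that finds the value
    value = @resolver.call(object)
    # Value check runs after resolution, on what was actually found.
    return nil if value && @authorize_value && !POLICY.fetch(@authorize_value).call(user, value)

    value
  end
end

def demo
  issue = Issue.new(true, "alice") # constructed sample: a confidential issue
  project = Project.new(%w[alice bob], issue)
  both = Field.new(authorize_object: :read_project, authorize_value: :read_issue, &:issue)
  object_only = Field.new(authorize_object: :read_project, &:issue)
  {
    outsider: both.resolve(project, "carol"),  # non-member: denied on the object
    lookups_after_outsider: both.lookups,      # still 0, the lookup was skipped
    member: both.resolve(project, "bob"),      # member, not author: denied on the value
    author: both.resolve(project, "alice"),    # passes both checks
    object_only_member: object_only.resolve(project, "bob") # object check alone returns it
  }
end
```

With only the object check, the project member receives the confidential issue, which is the case the value check exists to cover.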