Securing Fields

Learn how to enforce authorization on particular fields.

Since we now have a way to get the current user, we need to enforce authorization on particular fields by checking the context. Knowing the current user also gives us the ability to retrieve associated records in our resolvers and return user-specific information.

Inline authorization

Before we let customers anywhere near this API, we need to put some authorization checks between the current user and our API’s various important actions. Just as we did before, the most direct way to do this is to use the third argument to each resolver and pattern match for the desired case.

Let’s start by securing the :create_menu_item resolver, as we don’t want to let customers run wild with that one:
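
An added example (not the course's own code) of the pattern described above: the resolver's third argument is matched on the current user in its context, and every other case is rejected. The module name, the "employee" role, the shape of the user map and the in-memory `create_menu_item/1` stand-in are assumptions made for illustration.

```elixir
defmodule Example.Resolvers.Menu do
  # Hypothetical resolver module for the :create_menu_item field.
  # A 3-arity resolver receives (parent, args, resolution); the resolution's
  # :context is where the current user was placed earlier in the request.

  # Authorized case: the context carries a current user whose role is
  # "employee" (role name and user shape are assumptions for this example).
  def create_item(_parent, args, %{context: %{current_user: %{role: "employee"}}}) do
    with {:ok, item} <- create_menu_item(Map.get(args, :input, %{})) do
      {:ok, %{menu_item: item}}
    end
  end

  # Every other case fails closed: empty context, no current user,
  # a customer, or a role this resolver does not recognize.
  def create_item(_parent, _args, _resolution) do
    {:error, "unauthorized"}
  end

  # Stand-in for the real persistence call so the example runs on its own.
  defp create_menu_item(%{name: name, price: price}) when is_binary(name) do
    {:ok, %{id: 1, name: name, price: price}}
  end

  defp create_menu_item(_params), do: {:error, "invalid input"}
end

# Constructed sample arguments and resolutions (plain maps are enough here,
# because the function heads only match on the :context key).
args = %{input: %{name: "Reuben", price: "5.75"}}
employee = %{context: %{current_user: %{id: 1, role: "employee"}}}
customer = %{context: %{current_user: %{id: 2, role: "customer"}}}
anonymous = %{context: %{}}

for {label, resolution} <- [employee: employee, customer: customer, anonymous: anonymous] do
  IO.inspect({label, Example.Resolvers.Menu.create_item(nil, args, resolution)})
end
```

Putting the catch-all clause last means a new role or a request with no user is denied by default rather than allowed by omission.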
