How to create a custom schema directive for permission?

[gbrlsnchs]

Hello,

I've been reading https://graphql-ruby.org/type_definitions/directives.html#custom-schema-directives, which has an exact example of a permission directive. However it never teaches how to verify that level property and to forbid access to a field based on that property. So, how to do this?

[rmosolgo]

Hi! Great question. After setting up directive configuration, you can implement authorized? methods which check the given context against the schema member's permission configuration. For example, in a type:

class MyType < GraphQL::Schema::Object
  def self.authorized?(obj, ctx)
    if (dir = self.directives.find { |d| d.is_a?(Directives::Permission) })
      # somehow check the configured permission level against this query's permission level:
      YourApp.permitted?(context[:permission_level], dir.arguments[:level])
    else 
      true # no config 
    end 
  end 
end 

You could speed this up by having the directive also assign instance variables, see the gem's deprecation_reason handling for an example of that.