Fork me on GitHub
#pathom
<
2018-12-06
>
souenzzo16:12:16

where should I put the access control restrictions? On every resolver? Inspect the query? Make a public-parser and a private-parser is a reasonable solution?

wilkerlucio16:12:27

usually on the resolver that's given access to the resource

👍 4
wilkerlucio16:12:52

if you think that every attribute might have a different access, breaking it on resolvers can give you a fine tune to allow or disallow something

👍 4
wilkerlucio16:12:12

you can just throw an error on the resolver if the access check fails, makes sense?

👍 4