Operations

This page showcases a number of GraphQL queries and how you can trigger the evaluation of different authentication and authorization rules.

Each relevant line has a comment such as CREATE ON OBJECT Movie, which means an authentication directive like the following is evaluated:

type Movie @authentication(operations: [CREATE]) {
    title: String!
    actors: [Actor!]! @relationship(type: "ACTED_IN", direction: IN)
}

This also applies if the directive has no arguments because operations defaults to all operations.

The following examples apply to the @authentication directive, and also any rules within an @authorization directive.

Examples

Query

For a simple query, rules with READ in the operations are evaluated for any type being read:

query {
    movies {     # READ ON OBJECT Movie
        title    # READ ON FIELD_DEFINITION Movie.title
        actors { # READ ON OBJECT Actor
            name # READ ON FIELD_DEFINITION Actor.name
        }
    }
}

Mutation

For create mutations, CREATE rules on the object are evaluated for each node created, as well as field definition rules:

mutation {
    createMovies(input: [
        {                       # CREATE ON OBJECT Movie
            title: "The Matrix" # CREATE ON FIELD_DEFINITION Movie.title
        }
    ]) {
        movies {                # READ ON OBJECT Movie
            title               # READ ON FIELD_DEFINITION Movie.title
        }
    }
}

For single delete mutations, rules with DELETE on the object are evaluated:

mutation {
    deleteMovies(where: { title: "The Matrix" }) { # DELETE ON OBJECT Movie
        nodesDeleted
    }
}

For delete mutations with nested delete operations, rules with operation DELETE are evaluated:

mutation {
    deleteMovies(                                                  # DELETE ON OBJECT Movie
        where: { title: "The Matrix" }
        delete: { actors: { where: { node: { name: "Keanu" } } } } # DELETE ON OBJECT Actor
    ) {
        nodesDeleted
    }
}

For a complex update mutation with many effects, a variety of rules is evaluated, as well as READ rules for the selection set:

mutation {
    updateMovies(
        where: { title: "The Matrix" }
        connect: { actors: { where: { node: { name: "Keanu" } } } } # CONNECT ON OBJECT Actor and Movie
        update: {                                                   # UPDATE ON OBJECT Movie
            title: "Speed"                                          # UPDATE ON FIELD_DEFINITION Movie.title
        }
    ) {
        movies {                                                    # READ ON OBJECT Movie
            title                                                   # READ ON FIELD_DEFINITION Movie.title
            actors {                                                # READ ON OBJECT Actor
                name                                                # READ ON FIELD_DEFINITION Actor.name
            }
        }
    }
}

Subscription

For a simple subscription to creation events, both SUBSCRIBE and READ operations trigger rules:

subscription {
    movieCreated {     # SUBSCRIBE ON OBJECT Movie
        createdMovie { # READ ON OBJECT Movie
            title      # READ ON FIELD_DEFINITION Movie.title
        }
    }
}

For a more complex subscription to relationship events, SUBSCRIBE is an operation as well as READ to all relevant types:

subscription {
    movieRelationshipCreated { # SUBSCRIBE ON OBJECT Movie
        movie {                # READ ON OBJECT Movie
            title              # READ ON FIELD_DEFINITION Movie.title
        }
        createdRelationship {
            actors {
                node {         # READ ON OBJECT Actor
                    name       # READ ON FIELD_DEFINITION Actor.name
                }
            }
        }
    }
}