Operation examples
This is the documentation of the GraphQL Library version 6. For the long-term support (LTS) version 5, refer to GraphQL Library version 5 LTS. |
This page showcases a number of GraphQL queries and how you can trigger the evaluation of different authentication and authorization rules.
Each relevant line has a comment such as CREATE ON OBJECT Movie
, which means an authentication directive like the following is evaluated:
type Movie @authentication(operations: [CREATE]) @node {
title: String!
actors: [Actor!]! @relationship(type: "ACTED_IN", direction: IN)
}
This also applies if the directive has no arguments because |
The following examples apply to the @authentication
directive, and also any rules within an @authorization
directive.
Query
For a simple query, rules with READ
in the operations are evaluated for any type being read:
query {
movies { # READ ON OBJECT Movie
title # READ ON FIELD_DEFINITION Movie.title
actors { # READ ON OBJECT Actor
name # READ ON FIELD_DEFINITION Actor.name
}
}
}
Mutation
For create
mutations, CREATE
rules on the object are evaluated for each node created, as well as field definition rules:
mutation {
createMovies(input: [
{ # CREATE ON OBJECT Movie
title: "The Matrix" # CREATE ON FIELD_DEFINITION Movie.title
}
]) {
movies { # READ ON OBJECT Movie
title # READ ON FIELD_DEFINITION Movie.title
}
}
}
For single delete
mutations, rules with DELETE
on the object are evaluated:
mutation {
deleteMovies(where: { title_EQ: "The Matrix" }) { # DELETE ON OBJECT Movie
nodesDeleted
}
}
For delete
mutations with nested delete operations, rules with operation DELETE
are evaluated:
mutation {
deleteMovies( # DELETE ON OBJECT Movie
where: { title_EQ: "The Matrix" }
delete: { actors: { where: { node: { name_EQ: "Keanu" } } } } # DELETE ON OBJECT Actor
) {
nodesDeleted
}
}
For a complex update
mutation with many effects, a variety of rules is evaluated, as well as READ
rules for the selection set:
mutation {
updateMovies(
where: { title_EQ: "The Matrix" }
connect: { actors: { where: { node: { name_EQ: "Keanu" } } } } # CONNECT ON OBJECT Actor and Movie
update: { # UPDATE ON OBJECT Movie
title: "Speed" # UPDATE ON FIELD_DEFINITION Movie.title
}
) {
movies { # READ ON OBJECT Movie
title # READ ON FIELD_DEFINITION Movie.title
actors { # READ ON OBJECT Actor
name # READ ON FIELD_DEFINITION Actor.name
}
}
}
}
Subscription
For a simple subscription to creation events, both SUBSCRIBE
and READ
operations trigger rules:
subscription {
movieCreated { # SUBSCRIBE ON OBJECT Movie
createdMovie { # READ ON OBJECT Movie
title # READ ON FIELD_DEFINITION Movie.title
}
}
}
For a more complex subscription to relationship events, SUBSCRIBE
is an operation as well as READ
to all relevant types:
subscription {
movieRelationshipCreated { # SUBSCRIBE ON OBJECT Movie
movie { # READ ON OBJECT Movie
title # READ ON FIELD_DEFINITION Movie.title
}
createdRelationship {
actors {
node { # READ ON OBJECT Actor
name # READ ON FIELD_DEFINITION Actor.name
}
}
}
}
}