How can you ensure a delete mutation only deletes if the user has admin rights?

Hard | Application | Q9 of 15
GraphQL - Mutations

A. Include user role as an argument in the mutation
B. Add an authorization check in the resolver before deletion
C. Return an error if user role is missing in mutation response
D. Use a query instead of mutation to delete

Step-by-Step Solution
Solution:
  1. Step 1: Understand authorization in GraphQL

    Authorization is handled in the server resolver logic, not by mutation arguments.
  2. Step 2: Evaluate options

    Passing the user role as an argument is insecure, because the client supplies that value; queries cannot delete; returning an error is reactive, not preventive.
  3. Final Answer:

    Add an authorization check in the resolver before deletion -> Option B
  4. Quick Check:

    Authorization logic belongs in resolver code [OK]
Quick Trick: Put authorization checks inside resolver functions [OK]
Common Mistakes:
  • Passing user role as mutation argument
  • Using queries to delete data
  • Relying on error messages instead of checks
