
How can you combine one-to-one relationships with authorization logic to ensure only the owner can access their Profile in GraphQL?

hard📝 Application Q9 of 15
GraphQL - Type Relationships
A. Use a list of Profiles and filter by user ID client-side
B. Make Profile fields nullable to hide data
C. Add a resolver on User.profile that checks current user ID matches owner ID before returning Profile
D. Remove the profile field from User type
Step-by-Step Solution
Solution:
  1. Step 1: Understand authorization in resolvers

    Resolvers can check user identity before returning data.
  2. Step 2: Apply authorization to one-to-one field

    Adding a check in the User.profile resolver ensures only the owner sees their Profile.
  3. Final Answer:

    Add a resolver on User.profile that checks current user ID matches owner ID before returning Profile -> Option C
  4. Quick Check:

    Authorization logic in resolver protects one-to-one data [OK]
Quick Trick: Use resolvers to enforce access control on one-to-one fields [OK]
Common Mistakes:
  • Relying on nullable fields for security
  • Filtering data client-side only
  • Removing fields instead of controlling access
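
Worked example (added here, not part of the original quiz): a resolver map in which User.profile enforces the owner check server-side. The in-memory db, the context.currentUserId field, the ForbiddenError class and the fetchProfile helper are assumptions made for illustration.

```javascript
// Constructed in-memory data standing in for a real data source.
const db = {
  users: { u1: { id: "u1", name: "Ana" }, u2: { id: "u2", name: "Ben" } },
  // One Profile per User, keyed by owner ID (the one-to-one link).
  profilesByOwner: {
    u1: { ownerId: "u1", bio: "Ana's private bio" },
    u2: { ownerId: "u2", bio: "Ben's private bio" },
  },
};

// Hypothetical error type; GraphQL servers surface thrown errors in `errors`.
class ForbiddenError extends Error {
  constructor(message) {
    super(message);
    this.code = "FORBIDDEN";
  }
}

const resolvers = {
  Query: { user: (_parent, args) => db.users[args.id] ?? null },
  User: {
    // Standard resolver signature: (parent, args, context).
    // parent is the User being resolved; context carries the authenticated caller.
    profile: (parent, _args, context) => {
      const viewerId = context && context.currentUserId;
      if (!viewerId) throw new ForbiddenError("Authentication required");
      // Check ownership before touching the Profile store, so a non-owner
      // cannot learn whether a Profile exists for this User.
      if (parent.id !== viewerId) throw new ForbiddenError("Not the profile owner");
      return db.profilesByOwner[parent.id] ?? null;
    },
  },
};

// Mimics how an executor resolves `{ user(id: ...) { profile { bio } } }`.
function fetchProfile(userId, context) {
  const user = resolvers.Query.user(null, { id: userId }, context);
  return user ? resolvers.User.profile(user, {}, context) : null;
}
```

Because the check lives in the field resolver, it runs on every query path that reaches User.profile, regardless of what the client asks for or filters.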
