Practice - 5 Tasks
Answer the questions below
1fill in blank
easyComplete the code to apply the authorization directive to the Query field.
GraphQL
type Query {
user(id: ID!): User @[1]
} Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using @deprecated instead of @auth.
Confusing @include or @skip with authorization directives.
✗ Incorrect
The
@auth directive is used to enforce authorization on fields in GraphQL schemas.2fill in blank
mediumComplete the directive argument to require the ADMIN role for the deleteUser mutation.
GraphQL
type Mutation {
deleteUser(id: ID!): Boolean @auth(role: "[1]")
} Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'USER' or 'GUEST' which usually have fewer permissions.
Misspelling the role name.
✗ Incorrect
The
role argument specifies which user role is required. Here, ADMIN is needed to delete a user.3fill in blank
hardFix the error in the directive usage to correctly check if the user is authenticated.
GraphQL
type Query {
profile: User @auth(isAuthenticated: [1])
} Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using quoted strings like "true" instead of boolean true.
Using capitalized True which is invalid in GraphQL.
✗ Incorrect
Boolean arguments in GraphQL directives should be unquoted lowercase
true or false.4fill in blank
hardFill both blanks to define a directive that requires a role and a permission.
GraphQL
directive @auth(role: String, permission: String) on FIELD_DEFINITION
type Mutation {
updateSettings: Boolean @auth(role: "[1]", permission: "[2]")
} Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'USER' role which may not have enough privileges.
Using 'VIEW_SETTINGS' permission which is read-only.
✗ Incorrect
The mutation requires the
ADMIN role and the EDIT_SETTINGS permission to update settings.5fill in blank
hardFill all three blanks to create a directive that restricts a query to authenticated users with the EDITOR role and WRITE permission.
GraphQL
directive @auth(role: String, permission: String, isAuthenticated: Boolean) on FIELD_DEFINITION
type Query {
editArticle(id: ID!): Article @auth(role: "[1]", permission: "[2]", isAuthenticated: [3])
} Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'false' for isAuthenticated which denies access.
Quoting boolean values like "true".
Choosing wrong roles or permissions.
✗ Incorrect
The query requires the user to be authenticated (
true) with the EDITOR role and WRITE permission.