Given this GraphQL schema snippet with field-level permissions, which fields will be visible to a user having only the 'read:basic' permission?
type User {
id: ID!
name: String! @auth(roles: ["read:basic"])
email: String! @auth(roles: ["read:private"])
phone: String @auth(roles: ["read:private"])
}Check which fields require 'read:basic' permission and which require 'read:private'.
The 'id' field is always visible. The 'name' field requires 'read:basic' permission, so it is visible. The 'email' and 'phone' fields require 'read:private' permission, which the user does not have.
What is the main reason to implement field-level permissions in a GraphQL API?
Think about security and data privacy.
Field-level permissions restrict access to specific fields depending on user roles or permissions, enhancing security and privacy.
Which option contains the correct syntax for applying a field-level permission directive in GraphQL?
type Product {
id: ID!
price: Float! @auth(roles: ["admin", "manager"])
}Look carefully at the syntax for directive arguments in GraphQL.
GraphQL directives use colon ':' to assign argument values, and arrays are enclosed in square brackets. Option A follows this syntax correctly.
Which approach best optimizes field-level permission checks to avoid redundant authorization logic in GraphQL resolvers?
Think about avoiding repeated code and improving maintainability.
Centralized middleware handles permission checks once per request or field, reducing duplication and improving performance.
Given this schema and query, why does the user get an unauthorized error on the 'email' field even though they have 'read:basic' permission?
type User {
id: ID!
name: String! @auth(roles: ["read:basic"])
email: String! @auth(roles: ["read:private"])
}
Query:
{
user {
id
name
email
}
}Check the permissions required for each field carefully.
The 'email' field requires 'read:private' permission, which the user does not have, causing the unauthorized error.