Graphql-engine: Ability to hide top-level fields of certain tracked tables from graphql schema

Created on 30 Nov 2019  路  5Comments  路  Source: hasura/graphql-engine

Feature
Add the ability to select which tables should be added to the graphql schema for starting queries.

Context
My database schema includes several tables used for relationships that I don't want listed as separate when querying hasura. The idea is that these tables can only be accessed as nested properties from parent tables related to them.

I want to be able to do a query like this: (considering tableA has an object or array relationship to tableB)

query MyQuery {
  tableA(limit: 20) {
    id
    field
    tableB(limit: 10) {
      name
    }
  }
}

But not be able to query tableB directly or see it on the explorer.

I tried restricting permissions or untracking tableB, however, this hides tableB everywhere which is not what I intend.

server triag2-needs-rfc
Source
picture danrha

Most helpful comment

@danrha Got it. This does make sense from a schema management/customization pov.

cc: @0x777

picture tirumaraiselvan on 7 Jan 2020
👍3

All 5 comments

@tirumaraiselvan i would suggest adding an additional metadata attribute, something like hidden:

"tables": [
  {
    "table": "tableA",
    "is_enum": false,
    "configuration": {
      "custom_root_fields": { ... },
      "custom_column_names": { ... },
    },
    "select_permissions": { ... },
    "array_relationships": [
      {
        "name": "tableB",
        "using": {
          "manual_configuration": {
            "remote_table": "tableB",
            "column_mapping": {
              "id": "id"
            }
          }
        }
      }
    ],
    "object_relationships": [],
  },
  {
    "table": "tableB",
    "is_enum": false,
    "hidden": true,
    "configuration": {
      "custom_root_fields": { ... },
      "custom_column_names": { ... },
    },
    "select_permissions": { ... },
    "array_relationships": [],
    "object_relationships": [],
  }
]

Which would cause the table to be tracked, but remain invisible unless it's related from another table.

danrha picture danrha on 3 Jan 2020

The root schema would include only tableA, but tableB would be visible as an object inside tableA.

This would help simplify/optimize permission management (avoiding the need to apply rules several times on relationships) as filtering the results on tableA would implicitly filter what's visible from tableB. And it would allow for cleaner schemas as we're able to decide the more logical graph path we want to show users for usability, and hide away special-purpose tables which aren't meant to be queried outside the context of relationships.

danrha picture danrha on 3 Jan 2020
👍1

@danrha Got it. This does make sense from a schema management/customization pov.

cc: @0x777

tirumaraiselvan picture tirumaraiselvan on 7 Jan 2020
👍3

Related to https://github.com/hasura/graphql-engine/issues/696, dupe?

tirumaraiselvan picture tirumaraiselvan on 19 Jan 2020
👍1

An RFC for hiding top-level query fields (so they can only be accessed through relationships) is published here: https://github.com/0x777/graphql-engine/blob/select-permission-improvements/rfcs/disable-query-and-subscription-root-fields.md

Please feel free to give your comments here: https://github.com/hasura/graphql-engine/pull/4110/files

I am also closing this issue as a dupe of #696

tirumaraiselvan picture tirumaraiselvan on 18 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

egislook picture egislook  路  3Comments
jjangga0214 picture jjangga0214  路  3Comments
stereobooster picture stereobooster  路  3Comments
EmrysMyrddin picture EmrysMyrddin  路  3Comments
shahidhk picture shahidhk  路  3Comments