Motivation
From a security standpoint, not all features in seaography are desired/permitted in the context of a security-conscious application. For example, it would not be desirable for an entity such as "User" to have exposed update or delete mutations applied by any external parties; rather, the system itself should manage this via extended `async_graphql` objects.
Proposed Solutions
Allow methods in `Builder` to explicitly enable/disable functionalities such as update, delete, and create mutations, to restrict the functionalities exposed in query-only APIs. This should be both at a per-entity level and at a global level across the entire schema, such that restricted items do not appear once the endpoint is introspected by a client.
Additional Information
N/A.
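
A sketch of the policy proposed above, as an added example that is not seaography's API or code from this issue. The types `MutationPolicy` and `Op`, the field naming, and the rule that anything not explicitly enabled stays off are all assumptions made for illustration.

```rust
use std::collections::HashMap;

// Hypothetical types for illustration; none of these are seaography APIs.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum Op { Create, Update, Delete }
const ALL_OPS: &[Op] = &[Op::Create, Op::Update, Op::Delete];

#[derive(Default)]
pub struct MutationPolicy {
    global: HashMap<Op, bool>,               // schema-wide setting
    per_entity: HashMap<(String, Op), bool>, // override, wins over global
}

impl MutationPolicy {
    pub fn global(mut self, op: Op, on: bool) -> Self {
        self.global.insert(op, on);
        self
    }
    pub fn entity(mut self, entity: &str, op: Op, on: bool) -> Self {
        self.per_entity.insert((entity.to_string(), op), on);
        self
    }
    // Assumed default: anything not explicitly enabled stays off.
    pub fn allows(&self, entity: &str, op: Op) -> bool {
        let key = (entity.to_string(), op);
        self.per_entity.get(&key).or_else(|| self.global.get(&op)).copied().unwrap_or(false)
    }
    // Fields to register (constructed naming); disabled ones never reach introspection.
    pub fn mutation_fields(&self, entities: &[&str]) -> Vec<String> {
        entities.iter()
            .flat_map(|e| ALL_OPS.iter().map(move |op| (*e, *op)))
            .filter(|(e, op)| self.allows(e, *op))
            .map(|(e, op)| format!("{}{:?}", e.to_lowercase(), op))
            .collect()
    }
}

// Constructed sample: create/update on globally, "User" locked down.
pub fn example_fields() -> Vec<String> {
    MutationPolicy::default()
        .global(Op::Create, true).global(Op::Update, true)
        .entity("User", Op::Create, false)
        .entity("User", Op::Update, false)
        .mutation_fields(&["User", "Post"])
}

fn main() {
    println!("{:?}", example_fields());
}
```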