You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: core/graphql.md
+44-1Lines changed: 44 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -40,6 +40,7 @@ Filters are supported out-of-the-box. Follow the [filters](filters.md) documenta
40
40
However you don't necessarily have the same needs for your GraphQL endpoint as for your REST one.
41
41
42
42
In the `ApiResource` declaration, you can choose to decorrelate the GraphQL filters in `query` of the `graphql` attribute.
43
+
In order to keep the default behavior (possibility to fetch, delete, update or create), define all the operations (`query`, `delete`, `update` and `create`).
43
44
44
45
For example, this entity will have a search filter for REST and a date filter for GraphQL:
45
46
@@ -59,7 +60,10 @@ use ApiPlatform\Core\Annotation\ApiResource;
59
60
* graphql={
60
61
* "query"={
61
62
* "filters"={"offer.date_filter"}
62
-
* }
63
+
* },
64
+
* "delete",
65
+
* "update",
66
+
* "create"
63
67
* }
64
68
* )
65
69
*/
@@ -131,3 +135,42 @@ Or order your results like:
131
135
}
132
136
}
133
137
```
138
+
139
+
## Security (`access_control`)
140
+
141
+
To add a security layer to your queries and mutations, follow the [security](security.md) documentation.
142
+
143
+
If your security needs differ between REST and GraphQL, add the particular parts in the `graphql` key.
144
+
145
+
In the example below, we want the same security rules as in REST, but we also want to allow an admin to delete a book in GraphQL only.
146
+
Please note it's not possible to update a book in GraphQL because the `update` operation is not defined.
0 commit comments