When I create an auth rule using an extremely basic traversal filtering on the id of the entity itself, the result is that all resources of that entity type are allowed. type Thing @auth(query: { rule: """ query ($THING_ID) { queryThing (filter: { id: [$THING_ID] }) { id } } """}) { id: S…

@auth rules filtering on id allows access to any resourse

jdgamble555 (Jonathan Gamble) September 20, 2021, 6:23pm 2

You have to set the type of rule, query, i.e.

Topic		Replies	Views
The `@auth` directive - Graphql Documentation	13	2537	December 12, 2020
Auth Rules - Graphql Documentation	0	368	August 28, 2020
@auth doesn't filter on ID Dgraph kind:bug	7	878	August 23, 2022
Can not apply filters for related entities GraphQL	3	363	March 12, 2021
Concerns about authentication/authorization in DGraph with GraphQL endpoint Dgraph Cloud kind:question , auth , status:accepted	4	1198	September 24, 2020