When I create an auth rule using an extremely basic traversal filtering on the id of the entity itself, the result is that all resources of that entity type are allowed. type Thing @auth(query: { rule: """ query ($THING_ID) { queryThing (filter: { id: [$THING_ID] }) { id } } """}) { id: S…

@auth rules filtering on id allows access to any resourse

jdgamble555 (Jonathan Gamble) September 20, 2021, 6:23pm 2

You have to set the type of rule, query, i.e.

Topic		Replies	Views
Auth Rules - Graphql Documentation	0	308	August 28, 2020
Can not apply filters for related entities GraphQL	3	332	March 12, 2021
Unexpected behavior with @auth rules when using fragments and @cascade GraphQL dgraph , status:accepted , kind:bug , ticket:created	11	860	February 23, 2021
Feature Request: Non type related query auth rule GraphQL kind:feature	3	812	October 6, 2021
Auth JWT array parameters GraphQL auth	1	580	December 2, 2020