If I set up a GraphQL schema with @auth rules, do / will DQL queries respect them?
It seems that I can freely query via the DQL /query endpoint even though the /graphql endpoint is requiring an auth header… ( It also seems that this is by design or for some reason considered by the core team to be fine )
Is there a way to disable the DQL endpoint or otherwise convince it to respect the @auth rules?
I mean I know @auth rules via JWT are literally called PoorMansAuth… but that doesn’t mean they ought to be soooooo easily subverted.
If this is an up-sell strategy then I guess I can say “fair enough”
(Dgraph IS giving away a seriously awesome product)
… if that is the case, I’d prefer that this apparent awkwardness be explicitly portrayed as a strategic limitation, intended to make enterprise ACL more attractive.
… if not, then it would be great to have some sort of simple way to disable DQL
or better yet, teach DQL to respect the GraphQL @auth rules (as the schema’s are so intimately linked anyway)