When using slash graphql automatically crud resolvers are exposed.
Sometimes I don’t want to expose all resolvers and let users of the API to only be able to make read-only requests for a certain type for example.
I know that it is possible to guard an endpoint with
@auth directive but there is one problem with that:
Assume that I have an events management application and I want to allow for a user to add events and update or delete a specific event but not to delete many events at once.
Another example is when a user can query a certain type but only specific fields are eligable