Feature Request: Update After @auth Validation

Experience Report for Feature Request

What you wanted to do

Prevent a user from updating certain fields based on @auth rules for validations, the same way I can prevent a user from adding certain fields based on @auth rules for validations.

What you actually did

I can currently prevent a user from adding a certain value to the database by using many different types of field validation @auth rules:

By using some rules like this:

type Language  @withSubscription @auth(
  add: { rule: "query { queryLanguage(filter: { not: { name: { eq: \"French\" } } }) { name code } }" },
  update: { rule: "query { queryLanguage(filter: { not: { name: { eq: \"French\" } } }) { name code } }" },
){
	code: String! @search(by:[exact]) @id
	name: String! @search(by:[exact])
}

But I cannot prevent the user from changing it to the non-allowable value later (or where it can easily pass any add rule I created).

Why that wasn’t great, with examples

Here it will not allow me to add a new Language.name with the value “French”. This is perfect. However, I can easily add some other value, and change it later to “French,” which negates the add rule.

I feel like this is preventing Dgraph from blossoming with any sort of real backend Validation.

Currently @auth:

  • Add New Value (Access to After Results)
  • Delete Current Value (Access to Before Results)
  • Update Current Value to New Value (Only Access to Before Results)

There needs to be different rules for update, as unlike the other, it contains a before and an after value.

Any external references to support your case

J

1 Like