Question 1

How to integrate GraphQL Guard with Pundit?

Accepted Answer

Define a guard lambda that calls your Pundit policy, e.g., guard ->(obj, args, ctx) { PostPolicy.new(ctx[:current_user], obj).show? }, and pass current_user in the GraphQL context, as shown in the README's Pundit integration example.

Question 2

GraphQL Guard vs using CanCanCan directly in GraphQL?

Accepted Answer

CanCanCan handles model-level permissions, while GraphQL Guard applies them at the field level in GraphQL. GraphQL Guard complements CanCanCan by allowing field-specific checks without modifying resolver logic.

Question 3

How to hide a GraphQL field from unauthorized users?

Accepted Answer

Use the mask feature by adding a mask lambda to the field definition, e.g., mask ->(ctx) { ctx[:current_user].admin? }, which prevents both introspection and access for non-admins, as described in the schema masking section.

Question 4

How to test authorization guards in GraphQL Guard?

Accepted Answer

Require the testing module with 'graphql/guard/testing' and use field_with_guard to isolate and test guard logic, as detailed in the testing section of the README.

Question 5

Can I have global authorization rules for all fields?

Accepted Answer

Yes, by defining a guard on the type level or using a policy object with a '*' rule, but be mindful of the priority order to ensure it doesn't conflict with field-specific guards.

Question 6

How to handle unauthorized access without errors?

Accepted Answer

Configure a custom not_authorized lambda that returns nil or a GraphQL::ExecutionError, allowing silent failures or controlled error responses, as explained in the error handling section.

graphql-guard

What is graphql-guard?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions