
useOperationFieldPermissions

yarn add @envelop/operation-field-permissions


Disallow executing operations that select certain fields. This is useful if you want to restrict certain public API users to a subset of the public GraphQL schema. The operation is rejected without triggering execution (unlike graphql-shield, which applies its rules during execution).

Note: This plugin and authorization on a resolver level (or via middleware) are complementary. You should still verify whether a viewer is allowed to access certain data within your resolvers.



Usage Example

```javascript
import { envelop, useSchema } from '@envelop/core'
import { useOperationFieldPermissions } from '@envelop/operation-field-permissions'

const getEnveloped = envelop({
  plugins: [
    useSchema(schema),
    useOperationFieldPermissions({
      // we can access graphql context here
      getPermissions: async context => new Set(['Query.greetings', ...context.viewer.permissions])
    })
    /* ... other envelops */
  ]
})
```


```graphql
type Query {
  greetings: [String!]!
  foo: String
}
```


```graphql
query {
  foo
}
```


```json
{
  "data": null,
  "errors": [
    {
      "message": "Insufficient permissions for selecting ''.",
      "locations": [
        {
          "line": 2,
          "column": 2
        }
      ]
    }
  ]
}
```
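An added example, not part of the Envelop documentation: a deny-by-default `getPermissions` that tolerates a request without a viewer and honours only those viewer permissions that appear in a fixed grantable list. `PUBLIC_FIELDS`, `GRANTABLE_FIELDS`, `permissionsFor`, `deniedFields` and the sample contexts are assumptions; `deniedFields` imitates only the allow/deny decision on constructed input and is not the plugin's code.

```javascript
// Fields every caller may select, authenticated or not (taken from the usage example).
const PUBLIC_FIELDS = ['Query.greetings']

// Assumption: the only `Type.field` entries a viewer can ever be granted.
// Anything a token or session claims beyond this list is ignored.
const GRANTABLE_FIELDS = new Set(['Query.foo'])

// Build the allow-list for one request. Deny by default: a missing viewer,
// a non-array permissions value or an unknown entry adds nothing to the set.
function permissionsFor(context) {
  const allowed = new Set(PUBLIC_FIELDS)
  const viewer = context && context.viewer
  const claimed = viewer && Array.isArray(viewer.permissions) ? viewer.permissions : []
  for (const entry of claimed) {
    // Exact match against the grantable list; other strings and
    // non-string values never reach the permission set.
    if (typeof entry === 'string' && GRANTABLE_FIELDS.has(entry)) {
      allowed.add(entry)
    }
  }
  return allowed
}

// Same shape as the `getPermissions` option in the usage example.
const getPermissions = async context => permissionsFor(context)

// Imitates the allow/deny decision for a list of selected `Type.field`
// entries (constructed input). Returns the entries that are not permitted.
function deniedFields(selected, permissions) {
  return selected.filter(field => !permissions.has(field))
}

// Constructed contexts: one anonymous request, one viewer whose claims
// include an entry that is outside the grantable list.
const anonymous = {}
const partner = { viewer: { permissions: ['Query.foo', 'Query.internalStats'] } }

console.log(deniedFields(['Query.foo'], permissionsFor(anonymous)))
console.log(deniedFields(['Query.greetings', 'Query.foo'], permissionsFor(partner)))
```

Pass `getPermissions` to `useOperationFieldPermissions` in place of the inline arrow function; resolver-level checks are still needed, as the note above says.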
