I cannot get the policies to work for graphql. I want to add a global policy to my categories endpoint, but it’s not working. I attached the query in Altair as a reference. I added the policy in-line for example purposes.
How can i get this to work?
This topic has been created from a Discord post (1258395815672811641) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord
The console log “hello” is not being fired and also unauthorized is not being returned as an error. The first image is by index.ts
Curious if you got some custom policies for graphql resolvers working <@769211315562217474> - I am also having trouble getting this working. In my case I keep getting Error: Policy plugin::graphql.isOwnedItem not found for named policies and Error: Policy not found for inline implementation policies. In your screenshot there might be a couple syntax errors but maybe you already resolved that.
I did it like this way in register
module.exports = (strapi) => {
const extensionService = strapi.plugin("graphql").service("extension");
// read-single policy for letter
extensionService.use(({ nexus }) => ({
resolversConfig: {
"Query.post": {
policies: ["api::post.can-read"],
},
},
}));
};
also be aware of this Discord
ah thanks. I am interested in ensuring users can only access records they own over graphql and I ended up doing something similar to what you posted in your question using middleware. I also joined today’s office hours and the advice was to use middleware instead of a policy in that case.
great glad you got there, it took me a whole day to realise the GraphQL api does not work the same as REST with controllers etc, I only found out in the forum, not sure why it’s not in the docs