GraphQL: "Forbidden access" for relational field

Andi · May 31, 2022, 6:18pm

System Information

Strapi Version: v4.1.12
Operating System: Debian
Database: MySQL
Node Version: 14.19.2
NPM Version: 6.14.17

Hi,
i’ve added some routes for unauthenticated access within the resolversConfig in index.js, e.g.:

  register({ strapi }) {
    const extensionService = strapi.plugin('graphql').service('extension');

    extensionService.use({
      resolversConfig: {
        'Query.jobs': {
          auth: false
        },
        'Query.jobtype': {
          auth: false
        },
      }
    })
  },

In general its working good. But within the JobEntity i added a field type which relates to the JobTypeEntity, e.g.:

query	{
  jobs (publicationState: LIVE, filters: {locale: {eq: "de"} }, sort: ["title"] ) {
    data {
      attributes { 
      	title
        teaser
        location
        type { 
        	data { 
            attributes { name }
          }
        }
        text 
        createdAt
        updatedAt 
        publishedAt
      }
    }
  }
}

So whenever i am querying the type-field i get the “Forbidden access” message:

"message": "Forbidden access",
      "extensions": {
        "error": {
          "name": "ForbiddenError",
          "message": "Forbidden access",
          "details": {}
        },
        "code": "FORBIDDEN"
      }

How can i add this relational field within the resolversConfig to allow unauthenticated access for it as well?

Thank you very much!

Best,

Andi

Paul_Brats · June 3, 2022, 6:38am

I am still getting the hang of GraphQL in v4, but is this for custom resolvers, or is this for content types generated within the content type builder?

I have to look into it, even though the controllers and resolvers are decoupled, you might have to give it public access in setting > roles > public.