- Strapi Version: 4.1.5
- Operating System: MacOS
- Database: sqlite
- Node Version: 14.17.0
- NPM Version:
- Yarn Version:
Hi, I am using graphql endpoint for my Strapi requests.
I have a Book collection and a user relation in it. So, when I am displaying a post, I want to display author information like name, avatar, etc.
But the problem is all user fields are exposed with graphql and I cannot disable them.
For example, anyone can update my query and fetch the current post’s author email and other data.
I’ve tried to use the field disabling feature but this didn’t work with nested/relational fields.
strapi .plugin('graphql') .service('extension') .shadowCRUD('api::book.book') .field('...') .disable()
I know it is possible to make
So, it would be perfect if I hide some fields on some requests.