
Handling Privacy in GraphQL/Relay

I have an application with users which have many attributes, some of which are public, and some are private by default, and can become public if the user chooses to do so.

How can I handle the fetching of private attributes? I mean, I want that, for instance, if I try to fetch all the user's attributes, I'll get all his public attributes, and some null-ish value for his private attributes (and not an unauthorized error message).

I also want to somehow override this so the user will have no trouble fetching all of his data.

As DARK_DUCK already stated: You would decide what to return for a certain user in the resolve method of the attributes in your GraphQL server-side schema.

I save necessary data for user authentication in a cookie. Then I pass this authentication data down to the GraphQL schema in the root value. In the resolve method of private user data I check the access rights and return the appropriate data (null or the actual data).

I made a small example repository on how to handle authentication and private data with Relay and GraphQL. See this file and the posts attribute for a detailed example.

The privacy of your fields should be done on the server side.

You can set to null all private attributes in the global resolve function of your User model or add resolve functions in potentially private attributes.

Then with Relay you fetch everything, and in your component you check for null values and display what you want (a Lock, for example, to indicate that the value is private).

Hope it helps
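The per-field check both answers describe, as an added example that is not part of the original posts: each private-by-default attribute gets a resolver with the graphql-js `(source, args, context, info)` shape that returns the value only to the owner or when the user has made it public, and `null` otherwise. The user records, the `publicFields` list, the `viewer` object and the `resolveUser` stand-in for query execution are all assumptions made for illustration.

```javascript
// Constructed sample data. `publicFields` (hypothetical name) lists the
// private-by-default attributes the user has chosen to make public.
const users = {
  u1: { id: "u1", name: "Ada", email: "ada@example.test", phone: "555-0100", publicFields: ["email"] },
  u2: { id: "u2", name: "Bob", email: "bob@example.test", phone: "555-0101", publicFields: [] },
};

// Own-property lookup so keys like "constructor" never reach the prototype.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// The viewer is set server-side from the validated session cookie and passed
// in the root value (or context); it is never taken from query arguments.
function viewerFrom(context, info) {
  return (context && context.viewer) || (info && info.rootValue && info.rootValue.viewer) || null;
}

// Resolver factory for a private-by-default attribute: the owner always sees
// the value, everyone else sees it only if the user made it public.
function privateField(fieldName) {
  return (user, _args, context, info) => {
    const viewer = viewerFrom(context, info);
    const isOwner = viewer !== null && viewer.id === user.id;
    const madePublic = Array.isArray(user.publicFields) && user.publicFields.includes(fieldName);
    return isOwner || madePublic ? user[fieldName] ?? null : null;
  };
}

const userResolvers = {
  id: (user) => user.id,
  name: (user) => user.name,
  email: privateField("email"),
  phone: privateField("phone"),
};

// Minimal stand-in for query execution (assumption: no GraphQL library here).
// Fields without a resolver resolve to null, so new attributes are denied by default.
function resolveUser(userId, fields, rootValue) {
  const user = own(users, userId);
  if (!user) return null;
  const result = {};
  for (const field of fields) {
    const resolve = own(userResolvers, field);
    result[field] = resolve ? resolve(user, {}, undefined, { rootValue }) : null;
  }
  return result;
}
```

In a graphql-js schema the functions returned by `privateField` can be used directly as the `resolve` of the corresponding field; the client then treats `null` as "private", as the second answer suggests.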
