- DataObject query plugins
- Learn about some of the useful goodies that come pre-packaged with DataObject queries
- DataObject operation permissions
- A look at how permissions work for DataObject queries and mutations
- DataObject inheritance
- Learn how inheritance is handled in DataObject model types
- Adding DataObject models to the schema
- An overview of how the DataObject model can influence the creation of types, queries, and mutations
- Versioned content
- A guide on how DataObject models with the Versioned extension behave in GraphQL schemas
- Property mapping and dot syntax
- Learn how to customise field names, use dot syntax, and use aggregate functions
- Nested type definitions
- Define dependent types inline with a parent type
DataObject operation permissions
Any of the operations that come pre-configured for DataObjects are secured by the appropriate permissions by default. Please see Model-Level Permissions for more information.
create, if a singleton instance of the record being created doesn't pass a
the mutation will throw.
update, if the record matching the given ID doesn't pass a
canEdit($member) check, the mutation will
delete, if any of the given IDs don't pass a
canDelete($member) check, the mutation will throw.
Query permissions are a bit more complicated, because they can either be in list form, (paginated or not), or a single item. Rather than throw, these permission checks work as filters.
canView()method defined on your DataObjects. Without this, only admins are assumed to have permission to view a record.
readOne a plugin called
canView will filter the result set by the
pageInfofield is not affected. Limits and pages are determined through database queries. It would be too inefficient to perform in-memory checks on large data sets. This can result in pages showing a smaller number of items than what the page should contain, but keeps the pagination calls consistent for
Disabling query permissions
Though not recommended, you can disable query permissions by setting their plugins to
# app/_graphql/models.yml Page: operations: read: plugins: canView: false readOne: plugins: canView: false