@Authorized for Input Types

[zakariaelas]

Hello, I'm curious if it is possible to use the @Authorized() decorator with InputTypes. I have a use case where I want users of a specific role to be able to patch a field and not any logged in user.

Here is an example of what I hope to achieve and what I expect:

@InputType()
class PatchDogInput {
  @Field()
  name: string;

  @Field()
  breed: string;

  @Authorized([ROLES.ADMIN])
  @Field({ nullable: true })
  age?: number; // This field can only be modified by an admin
}

@Resolver()
class DogResolver {
  @Authorized()
  @Mutation(() => Dog)
  patchDog(
    @Arg('dogId') dogId: string,
    @Arg('dog') dog: PatchDogInput,
  ): Promise<Dog | null> {
    //Assume the request is made by a "normal" user (not an admin)
    console.log(dog.name); // "max"
    console.log(dog.breed); // "bulldog"
    console.log(dog.age); // should be undefined because user is not an admin

    const patchedDog = await dogService.find(dogId, dog);
    return patchedDog;
  }
}

Is there support for such a use case? If not, do you have any recommendations on how to handle this?

Thank you!

[MichalLytek]

It's not possible because input types does not have field resolvers.

I would recommend you to have a dedicated mutation for admin with a different input type. This way normal users will know which fields they can provide and what they are allowed to do.

And instead of crud "patch" approach, try to have more business-oriented operations like changeDogName or moveFromShelter instead of having 1:1 mapping of columns.