-
GraphQL API authorization is currently pretty simple: we authorize that you have access to the requested schema, via the provided token (unless it’s the public schema), and then you have free rein to all queries and mutations that are included in the schema. User mutations would require adding an authorization layer that doesn’t currently exist. You should be allowed to edit your username, but not others’, for example.
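The gap described in the reply above, as an added example that is not part of the original thread and is not Craft CMS code: a schema-token check alone lets one user's request edit another user's record, while a per-object check (ownership plus an editable-field allowlist) refuses it. Every name here (`saveUser`, the tokens, sessions and fields) is hypothetical and the data is constructed.

```javascript
// Added example: hypothetical names throughout, not Craft CMS's API.
// Constructed sample data: one schema token, two logged-in sessions.
const SCHEMA_TOKENS = new Map([["tok-dashboard", ["saveEntry", "saveUser"]]]);
const SESSIONS = new Map([["sess-alice", 1], ["sess-bob", 2]]);
const EDITABLE_FIELDS = new Set(["username", "bio"]); // never "admin"

function makeUsers() {
  return new Map([
    [1, { id: 1, username: "alice", bio: "", admin: false }],
    [2, { id: 2, username: "bob", bio: "", admin: false }],
  ]);
}

// Layer 1: what the token proves today, access to a mutation in the schema.
function authorizeSchema(token, mutation) {
  return (SCHEMA_TOKENS.get(token) || []).includes(mutation);
}

// Layer 2: the missing check, caller owns the record and the fields are allowed.
function authorizeUserEdit(session, targetId, changes) {
  const callerId = SESSIONS.get(session);
  if (callerId === undefined) return { ok: false, reason: "unauthenticated" };
  if (callerId !== targetId) return { ok: false, reason: "not-owner" };
  const blocked = Object.keys(changes).filter((f) => !EDITABLE_FIELDS.has(f));
  if (blocked.length) return { ok: false, reason: "field-not-editable:" + blocked.join(",") };
  return { ok: true };
}

// objectLevel=false models a user mutation guarded by the schema token alone.
function saveUser(users, req, objectLevel) {
  if (!authorizeSchema(req.token, "saveUser")) return { ok: false, reason: "schema-denied" };
  if (objectLevel) {
    const decision = authorizeUserEdit(req.session, req.id, req.changes);
    if (!decision.ok) return decision;
  }
  const user = users.get(req.id);
  if (!user) return { ok: false, reason: "no-such-user" };
  Object.assign(user, req.changes);
  return { ok: true, user };
}

// Alice's session, Bob's record: only the second call is refused.
const crossEdit = { token: "tok-dashboard", session: "sess-alice", id: 2, changes: { username: "renamed" } };
console.log(saveUser(makeUsers(), crossEdit, false).ok);
console.log(saveUser(makeUsers(), crossEdit, true).reason);
```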
-
Ah ok. That makes sense. Do you have a suggestion on how to handle a Next.js user dashboard where users can edit their own account info? Would it be with the users/save-user controller? https://craftcms.com/docs/4.x/dev/controller-actions.html#post-users-save-user
-
This means I can build an app where users can add items using mutate Entry, from a Next.js powered dashboard, but I will be unable to provide these users the opportunity to change their names, write bios, or add images within the same platform.
Why are users not exposed to mutation in the GraphQL support from CraftCMS?