[ADVAPP-23]: Implement authorization methodology for querying particular fields #536

danharrin · 2024-02-15T16:15:55Z

You are now no longer able to see user relationships unless you have the view permission for that user.

You are now no longer able to view email addresses in responses (inc nested relation responses) unless you have the user.view-email permission.

You are now no longer able to query email addresses in requests (inc nested relation queries) unless you have the user.view-email permission.

What types of changes does your code introduce? Put an x in all the boxes that apply:

A deployment step could be a command that needs to be executed or an ENV key that needs to be added, for example.

Before contributing and submitting this PR, make sure you have:

Read the contributing guidelines.
Title the PR with the ticket/issue number and a short description of the changes made. Or if no ticket/issue exists, title the PR with a short description of the changes made
Linked a relevant ticket or issue or describe the issue/feature which this PR resolves/implements.
Resolved all conflicts, if any.
Rebased your branch PR on top of the latest upstream main branch.

…lar fields

sonarqubecloud · 2024-02-15T16:19:27Z

[ADVAPP-23]: Implement authorization methodology for querying particu…

e679e99

…lar fields

danharrin requested a review from a team February 15, 2024 16:15

danharrin and others added 2 commits February 15, 2024 16:16

Update service-management.graphql

ed891d4

chore: fix enforcement of copyright on all files

02b5656

Orrison approved these changes Feb 15, 2024

View reviewed changes

Orrison merged commit 9668c79 into main Feb 15, 2024
7 checks passed

Orrison deleted the advapp-23 branch February 15, 2024 19:35