You may use the auth query rule on type Consultancy as follows:
```graphql
type Consultancy @auth(
  query: { rule: """
    query($email: String!) {
      queryConsultancy {
        users(filter: { userName: { eq: $email } }) {
          userName
        }
      }
    }
  """
  }
) {
  id: ID!
  name: String!
  engagements: [Engagement] @hasInverse(field: consultancy)
  users: [Person!]
}
```
The email provided using the JWT token will be used as the $email variable in the auth query.
What this auth query does is filter down to only the consultancies whose users contain the provided email as userName.
Can an Engagement, Project, or Programme be part of multiple Consultancies with different Users? In that case, you may have to add a similar auth query rule to Engagement and the other types as well.
If an Engagement is going to be part of a single Consultancy and is not going to be queried separately with queryEngagement, it will make more sense to not have auth rules for Engagement and to use the generate directive to explicitly disable the queryEngagement query.
In case you are looking for more examples of using @auth, there is a Todo App Tutorial repo containing schema and auth examples of a Todo Auth app.
Thanks for your feedback about the @auth directive documentation. We will also be looking at improving it. Do let us know if you have any other questions.
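The two options described above for Engagement, written out as an added example that is not part of the original reply. The `title` field and the choice of which generated operations to switch off are assumptions; only one of the two definitions would go into a real schema.

```graphql
# Option A: Engagement can be queried directly, so it carries its own rule.
# The rule walks Engagement -> consultancy -> users and keeps only
# engagements whose consultancy has a user matching the JWT's $email claim.
type Engagement @auth(
  query: { rule: """
    query($email: String!) {
      queryEngagement {
        consultancy {
          users(filter: { userName: { eq: $email } }) {
            userName
          }
        }
      }
    }
  """
  }
) {
  id: ID!
  title: String!              # assumed field, not from the original post
  consultancy: Consultancy
}

# Option B: Engagement belongs to a single Consultancy and is only reached
# through Consultancy.engagements. No @auth rule here; the top-level
# getEngagement / queryEngagement / aggregateEngagement queries are not
# generated, so every read goes through the Consultancy rule.
# Mutations are left at their defaults in this sketch: review whether
# addEngagement / updateEngagement / deleteEngagement also need rules
# or should be switched off in the same directive.
type Engagement @generate(
  query: { get: false, query: false, aggregate: false }
) {
  id: ID!
  title: String!              # assumed field, not from the original post
  consultancy: Consultancy
}
```

After deploying either variant, check it by sending queryEngagement once with a JWT whose email belongs to one consultancy and once with no token: Option A should return only that consultancy's engagements, and with Option B the query should not exist in the generated API at all.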