With GraphQL-Ruby, it’s possible to hide parts of your schema from some users. This isn’t exactly part of the GraphQL spec, but it’s roughly within the bounds of the spec.

Here are some reasons you might want to hide parts of your schema:

Hiding Parts of the Schema

You can customize the visibility of parts of your schema by reimplementing various visible? methods:

These methods are called with the query context, based on the hash you pass as context:. If the method returns false, then that member of the schema will be treated as though it doesn’t exist for the entirety of the query. That is:

Object Visibility

Let’s say you’re working on a new feature which should remain secret for a while. You can implement .visible? in a type:

class Types::SecretFeature < Types::BaseObject
  def self.visible?(context)
    # only show it to users with the secret_feature enabled
    super && context[:viewer].feature_enabled?(:secret_feature)

(Always call super to inherit the default behavior.)

Now, the following bits of GraphQL will return validation errors:

And in introspection:

Field Visibility

class Types::BaseField < GraphQL::Schema::Field
  # Pass `field ..., require_admin: true` to hide this field from non-admin users
  def initialize(*args, require_admin: false, **kwargs, &block)
    @require_admin = require_admin
    super(*args, **kwargs, &block)

  def visible?(ctx)
    # if `require_admin:` was given, then require the current user to be an admin
    super && (@require_admin ? ctx[:viewer]&.admin? : true)

For this to work, the base field class must be configured with other GraphQL types.

Argument Visibility

class Types::BaseArgument < GraphQL::Schema::Argument
  # If `require_logged_in: true` is given, then this argument will be hidden from logged-out viewers
  def initialize(*args, require_logged_in: false, **kwargs, &block)
    @require_logged_in = require_logged_in
    super(*args, **kwargs, &block)

  def visible?(ctx)
    super && (@require_logged_in ? ctx[:viewer].present? : true)

For this to work, the base argument class must be configured with other GraphQL types.

Opting Out

By default, GraphQL-Ruby always runs visibility checks. You can opt out of this by adding to your schema class:

class MySchema < GraphQL::Schema
  # ...
  # Opt out of GraphQL-Ruby's visibility feature:
  use GraphQL::Schema::AlwaysVisible

For big schemas, this can be a worthwhile speed-up.